From Yuichiro Naito (FreeBSD):

hrs@ says that the
(cbp >= MB_LEN_MAX) condition is necessary for checking invalid
byte sequences.  Without it, if malicious input were given, libedit
would read byte sequences forever.
christos 2018-11-25 16:21:04 +00:00
parent 2cb4fa4296
commit e9933f923a


@ -1,4 +1,4 @@
/* $NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $ */
/* $NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
@ -37,7 +37,7 @@
#if 0
static char sccsid[] = "@(#)read.c 8.1 (Berkeley) 6/4/93";
#else
__RCSID("$NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $");
__RCSID("$NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $");
#endif
#endif /* not lint && not SCCSID */
@ -335,6 +335,11 @@ read_char(EditLine *el, wchar_t *cp)
goto again;
}
case (size_t)-2:
if (cbp >= MB_LEN_MAX) {
errno = EILSEQ;
*cp = L'\0';
return -1;
}
/* Incomplete sequence, read another byte. */
goto again;
default:
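Review bot: The new guard under `case (size_t)-2:` has no comment, and the existing `/* Incomplete sequence, read another byte. */` now describes only the fall-through path, so nothing in the code records why the bound must stay. I would add a comment above the `if`, for example `/* No valid character needs more than MB_LEN_MAX bytes; fail with EILSEQ instead of reading on without bound. */`. If the pending bytes are stored in a fixed buffer of MB_LEN_MAX bytes indexed by `cbp` (the declaration is outside the hunk, so this is an assumption to confirm), the check also keeps the next read inside that buffer, which is worth stating in the same comment. This path returns -1, while the branch just above retries with `goto again`, so it is worth confirming that callers treat EILSEQ as an input error; read_char begins and ends outside the hunk.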