Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

analyzer/protocol/ident: fix buffer overflow in ParsePort()

Browse source 
The given buffer is not null-terminated; the method must obey the
"end_of_line" pointer.
This commit is contained in:
Max Kellermann 2020-02-10 15:30:12 +01:00
parent f849571910
commit 9b2709ca18
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/ident/Ident.cc
View file

@ -215,7 +215,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line,
int n = 0;
line = skip_whitespace(line, end_of_line);
if ( ! isdigit(*line) )
if ( line >= end_of_line || ! isdigit(*line) )
return nullptr;
const char* l = line;
@ -225,7 +225,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line,
n = n * 10 + (*line - '0');
++line;
}
while ( isdigit(*line) );
while ( line < end_of_line && isdigit(*line) );
line = skip_whitespace(line, end_of_line);