From 9b2709ca187d18b5ddbb751341f736e5d3c62015 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Mon, 10 Feb 2020 15:30:12 +0100
Subject: [PATCH] analyzer/protocol/ident: fix buffer overflow in ParsePort()
The given buffer is not null-terminated; the method must obey the "end_of_line" pointer.
---
 src/analyzer/protocol/ident/Ident.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/analyzer/protocol/ident/Ident.cc b/src/analyzer/protocol/ident/Ident.cc
index a9c6d5a066..90108a2458 100644
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@@ -215,7 +215,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line,
 int n = 0;
 line = skip_whitespace(line, end_of_line);
- if ( ! isdigit(*line) )
+ if ( line >= end_of_line || ! isdigit(*line) )
 return nullptr;
 const char* l = line;
@@ -225,7 +225,7 @@ const char* Ident_Analyzer::ParsePort(const char* line, const char* end_of_line,
 n = n * 10 + (*line - '0');
 ++line;
 }
- while ( isdigit(*line) );
+ while ( line < end_of_line && isdigit(*line) );
 line = skip_whitespace(line, end_of_line);
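Review bot: `isdigit(*line)` in the new condition still receives a plain `char`, so where `char` is signed a byte at or above 0x80 from the parsed line is passed as a negative value, which is undefined behaviour for the `<cctype>` classification functions. Cast at the call, `if ( line >= end_of_line || ! isdigit(static_cast<unsigned char>(*line)) )`, and apply the same cast in the `while` condition of the second hunk. ParsePort's body starts and ends outside this hunk, so other character tests in the function may need the same treatment.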
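Review bot: The accumulation `n = n * 10 + (*line - '0')` can still overflow the signed `int n`, because the loop is now bounded by `end_of_line` but not by the value, and signed overflow is undefined behaviour. A long run of digits within the line is enough to reach it. Any range check on `n` would sit after the loop, outside this hunk, and would run only after the overflow has already happened. Stop accumulating once the value leaves the port range, for example `if ( n > 65535 ) break;` right after the update, so that whatever out-of-range handling the function has (presumably after the loop) rejects the value.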