Date: Thu, 5 Nov 2020 22:35:45 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r367401 - stable/12/lib/libc/tests/resolv Message-ID: <202011052235.0A5MZjSx012554@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Thu Nov 5 22:35:45 2020 New Revision: 367401 URL: https://svnweb.freebsd.org/changeset/base/367401 Log: MFC 365055: Fix a buffer overrun. getln() returns 'len' valid characters. line[len] is out of bounds. Modified: stable/12/lib/libc/tests/resolv/resolv_test.c Directory Properties: stable/12/ (props changed) Modified: stable/12/lib/libc/tests/resolv/resolv_test.c ============================================================================== --- stable/12/lib/libc/tests/resolv/resolv_test.c Thu Nov 5 21:44:58 2020 (r367400) +++ stable/12/lib/libc/tests/resolv/resolv_test.c Thu Nov 5 22:35:45 2020 (r367401) @@ -77,15 +77,15 @@ load(const char *fname) if ((fp = fopen(fname, "r")) == NULL) ATF_REQUIRE(fp != NULL); while ((line = fgetln(fp, &len)) != NULL) { - char c = line[len]; + char c = line[len - 1]; char *ptr; - line[len] = '\0'; + line[len - 1] = '\0'; for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) { if (ptr == '\0' || ptr[0] == '#') continue; sl_add(hosts, strdup(ptr)); } - line[len] = c; + line[len - 1] = c; } (void)fclose(fp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202011052235.0A5MZjSx012554>