Date: Tue, 1 Sep 2020 16:20:43 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r365055 - head/lib/libc/tests/resolv Message-ID: <202009011620.081GKhgO031890@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Tue Sep 1 16:20:42 2020 New Revision: 365055 URL: https://svnweb.freebsd.org/changeset/base/365055 Log: Fix a buffer overrun. getln() returns 'len' valid characters. line[len] is out of bounds. Reported by: CHERI Reviewed by: brooks Obtained from: CheriBSD MFC after: 2 weeks Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D26197 Modified: head/lib/libc/tests/resolv/resolv_test.c Modified: head/lib/libc/tests/resolv/resolv_test.c ============================================================================== --- head/lib/libc/tests/resolv/resolv_test.c Tue Sep 1 16:17:21 2020 (r365054) +++ head/lib/libc/tests/resolv/resolv_test.c Tue Sep 1 16:20:42 2020 (r365055) @@ -76,15 +76,15 @@ load(const char *fname) if ((fp = fopen(fname, "r")) == NULL) ATF_REQUIRE(fp != NULL); while ((line = fgetln(fp, &len)) != NULL) { - char c = line[len]; + char c = line[len - 1]; char *ptr; - line[len] = '\0'; + line[len - 1] = '\0'; for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) { if (ptr == '\0' || ptr[0] == '#') continue; sl_add(hosts, strdup(ptr)); } - line[len] = c; + line[len - 1] = c; } (void)fclose(fp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009011620.081GKhgO031890>