authorPhil Sutter <phil@nwl.cc>2016-08-30 19:39:49 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-05 18:37:16 +0200
commit7a5b4c505e4d460239ac8a36b4fbccf222cd6134 (patch)
tree00ba9ca65f77fee22092807f20f8095ddf621e1f
parentd815b8d2bf18bc589f10c3fb4524a2b93fe91b93 (diff)
evaluate: Fix datalen checks in expr_evaluate_string()
I have been told that the flex scanner won't return empty strings, so strlen(data) should always be greater than 0. To avoid a hard to debug issue though, add an assert() to make sure this is always the case before risking an unsigned variable underrun. A real issue though is the check for 'datalen - 1 >= 0', which will never fail due to datalen being unsigned. Fix this by incrementing both sides by one, hence checking 'datalen >= 1'. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/evaluate.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 7eb28f2c..fb9b8253 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -221,6 +221,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
memset(data + len, 0, data_len - len);
mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
+ assert(strlen(data) > 0);
datalen = strlen(data) - 1;
if (data[datalen] != '*') {
/* We need to reallocate the constant expression with the right
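Review bot: The added `assert(strlen(data) > 0)` is the only guard in front of `datalen = strlen(data) - 1`, and assert() is compiled out when NDEBUG is defined, so in such a build an empty string would still wrap the unsigned datalen and make `data[datalen]` read far outside the buffer. The string comes from parsed ruleset input, so an explicit check that fails evaluation is more robust than relying on the scanner never producing an empty string, for example `if (data[0] == '\0') return expr_error(ctx->msgs, expr, "Empty string is not allowed");`. Whether this project is ever built with NDEBUG is not visible from the hunk. The body of expr_evaluate_string() starts and ends outside the hunk.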
@@ -234,7 +235,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
return 0;
}
- if (datalen - 1 >= 0 &&
+ if (datalen >= 1 &&
data[datalen - 1] == '\\') {
char unescaped_str[data_len];