From 7a5b4c505e4d460239ac8a36b4fbccf222cd6134 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 30 Aug 2016 19:39:49 +0200 Subject: evaluate: Fix datalen checks in expr_evaluate_string() I have been told that the flex scanner won't return empty strings, so strlen(data) should always be greater 0. To avoid a hard to debug issue though, add an assert() to make sure this is always the case before risking an unsigned variable underrun. A real issue though is the check for 'datalen - 1 >= 0', which will never fail due to datalen being unsigned. Fix this by incrementing both sides by one, hence checking 'datalen >= 1'. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index 7eb28f2c..fb9b8253 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -221,6 +221,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp) memset(data + len, 0, data_len - len); mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len); + assert(strlen(data) > 0); datalen = strlen(data) - 1; if (data[datalen] != '*') { /* We need to reallocate the constant expression with the right @@ -234,7 +235,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp) return 0; } - if (datalen - 1 >= 0 && + if (datalen >= 1 && data[datalen - 1] == '\\') { char unescaped_str[data_len]; -- cgit v1.2.3