[master] 2fd5e9228 vav: Missing bound check
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Fri Jul 2 16:22:04 UTC 2021
commit 2fd5e9228c7224a5d954b1f1f56b29f55ab868c0
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Fri Jul 2 18:09:23 2021 +0200
vav: Missing bound check
diff --git a/lib/libvarnish/vav.c b/lib/libvarnish/vav.c
index 53de58fa5..0b76301b7 100644
--- a/lib/libvarnish/vav.c
+++ b/lib/libvarnish/vav.c
@@ -172,6 +172,10 @@ VAV_ParseTxt(const char *b, const char *e, int *argc, int flag)
}
while (1) {
if (*b == '\\' && !(flag & ARGV_NOESC)) {
+ if (b + 1 >= e) {
+ argv[0] = err_invalid_backslash;
+ return (argv);
+ }
i = VAV_BackSlash(b, NULL);
if (i == 0) {
argv[0] = err_invalid_backslash;
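Review bot: The new guard `if (b + 1 >= e)` in the `while (1)` loop only proves that one byte follows the backslash, while `VAV_BackSlash(b, NULL)` is still called without the end pointer. If that helper accepts escapes longer than two bytes (hex or octal forms, which is not visible here), it could presumably still read past `e` on input that is not NUL-terminated. Checking the consumed length after the call, `if (i == 0 || b + i > e) {`, would at least reject such a result, but stopping the read itself needs the bound passed into the helper. A comment on the guard such as `/* a lone backslash at the end of [b, e) has no escaped byte to read */` would record why it exists, and a test with a truncated longer escape next to the new `TEST_FAIL(0 , "\\", invalid_backslash)` would pin the behaviour. VAV_ParseTxt starts and ends outside the hunk, so whether callers always NUL-terminate the buffer cannot be confirmed from here.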
@@ -333,6 +337,7 @@ static const struct test_case *tests[] = {
TEST_PASS(0 , "foo #bar", "foo", "#bar"),
TEST_PASS(K , "foo #bar", "foo"),
TEST_PASS( N, "\\", "\\"),
+ TEST_FAIL(0 , "\\", invalid_backslash),
TEST_FAIL(0 , "\"foo", missing_quote),
NULL
#undef N