[master] c7fb55b22 vav: Defer missing quote check
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Fri Jul 2 17:33:05 UTC 2021
commit c7fb55b22827e05e028bca6050a5839d875afcc3
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Fri Jul 2 19:29:54 2021 +0200
vav: Defer missing quote check
Otherwise we can still overflow in the absence of a null terminator.
diff --git a/lib/libvarnish/vav.c b/lib/libvarnish/vav.c
index be9db713b..a25ed58fc 100644
--- a/lib/libvarnish/vav.c
+++ b/lib/libvarnish/vav.c
@@ -168,7 +168,7 @@ VAV_ParseTxt(const char *b, const char *e, int *argc, int flag)
p = b;
quote = 0;
}
- while (1) {
+ while (b < e) {
if (*b == '\\' && !(flag & ARGV_NOESC)) {
if (b + 1 >= e) {
argv[0] = err_invalid_backslash;
@@ -193,10 +193,10 @@ VAV_ParseTxt(const char *b, const char *e, int *argc, int flag)
if (*b == '"' && !(flag & ARGV_NOESC))
break;
b++;
- if (b >= e) {
- argv[0] = err_missing_quote;
- return (argv);
- }
+ }
+ if (b >= e && quote) {
+ argv[0] = err_missing_quote;
+ return (argv);
}
if (nargv + 1 >= largv) {
argv = realloc(argv, sizeof (*argv) * (largv += largv));
More information about the varnish-commit
mailing list