[glib/glib-2-68: 2/4] tlscertificate: Avoid possible invalid read




commit bdd36797fcdbae999e6adb5e5019e088b1418234
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date:   Fri Jun 4 11:16:46 2021 -0400

    tlscertificate: Avoid possible invalid read
    
    In various places, do not read past the end of the data.
    Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2416

 gio/gtlscertificate.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/gio/gtlscertificate.c b/gio/gtlscertificate.c
index 9d00272f8..b246e0c87 100644
--- a/gio/gtlscertificate.c
+++ b/gio/gtlscertificate.c
@@ -286,6 +286,7 @@ parse_private_key (const gchar *data,
                   GError **error)
 {
   const gchar *header_start = NULL, *header_end, *footer_start = NULL, *footer_end;
+  const gchar *data_end = data + data_len;
 
   header_end = g_strstr_len (data, data_len, PEM_PRIVKEY_HEADER_END);
   if (header_end)
@@ -322,7 +323,7 @@ parse_private_key (const gchar *data,
 
   footer_end += strlen (PEM_PRIVKEY_FOOTER_END);
 
-  while (*footer_end == '\r' || *footer_end == '\n')
+  while ((footer_end < data_end) && (*footer_end == '\r' || *footer_end == '\n'))
     footer_end++;
 
   return g_strndup (header_start, footer_end - header_start);
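Review bot: The bound added to the trailing-newline loop has no comment saying why it is needed, so a later cleanup could mistake `footer_end < data_end` for redundant next to the character test. The buffer is passed with an explicit length (`data_len`) and is apparently not guaranteed to be NUL-terminated, so a line such as `/* data is length-delimited, not necessarily NUL-terminated: never dereference at or past data_end */` above the loop would record the invariant. The same comment fits the identical loop in parse_next_pem_certificate in the next hunk. The diffstat shows only gio/gtlscertificate.c changing, so a regression test using a buffer that ends exactly at the footer may live in another patch of this series; that is worth confirming.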
@@ -356,7 +357,7 @@ parse_next_pem_certificate (const gchar **data,
       return NULL;
     }
   end += strlen (PEM_CERTIFICATE_FOOTER);
-  while (*end == '\r' || *end == '\n')
+  while ((end < data_end) && (*end == '\r' || *end == '\n'))
     end++;
 
   *data = end;
@@ -388,7 +389,7 @@ parse_and_create_certificate_list (const gchar  *data,
   /* If we read one certificate successfully, let's see if we can read
    * some more. If not, we will simply return a list with the first one.
    */
-  while (p && *p)
+  while (p < end && p && *p)
     {
       gchar *cert_pem;
       GError *error = NULL;
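Review bot: In the new loop condition `p < end && p && *p`, the NULL test on `p` comes after the relational comparison, so a NULL `p` is compared against `end` before it is checked. The C standard does not define a relational comparison between a null pointer and a pointer into the buffer, even though it behaves as expected on common platforms, and the ordering makes the `p &&` term look like dead code. Putting the NULL test first keeps the short-circuit meaningful: `while (p && p < end && *p)`. `end` is declared outside this hunk (presumably as the one-past-the-end pointer of the input), and the loop body continues past the hunk.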

