convert_controls(): buffer overflow possible



Hi,

here is a fix for one more possible buffer overflow, triggered by strings like ".*^$".

-- 
Regards,
Andrew V. Samoilov.
src/ChangeLog:

	* util.c (convert_controls): Fix possible buffer overflow
	for ".*^" strings.

--- util.c~	Tue Sep 28 09:17:59 2004
+++ util.c	Tue Sep 28 11:29:31 2004
@@ -1019,14 +1019,13 @@ void wipe_password (char *passwd)
 
 /* Convert "\E" -> esc character and ^x to control-x key and ^^ to ^ key */
 /* Returns a newly allocated string */
-char *convert_controls (const char *s)
+char *convert_controls (const char *p)
 {
-    char *valcopy = g_strdup (s);
-    const char *p;
+    char *valcopy = g_strdup (p);
     char *q;
 
     /* Parse the escape special character */
-    for (p = s, q = valcopy; *p;){
+    for (q = valcopy; *p;){
 	if (*p == '\\'){
 	    p++;
 	    if ((*p == 'e') || (*p == 'E')){
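Review bot: The comments above `convert_controls` do not state the invariant that keeps the copy loop inside `valcopy`. The buffer is sized by `g_strdup (p)`, so each branch must consume at least one input byte for every byte it stores through `q`, and must never advance `p` past the terminating NUL. I would add `/* valcopy is as long as the input: never write more bytes than were read, never step p past the NUL */` above the loop. The `\\` branch at the end of this hunk also does `p++` before testing `*p`; the rest of that branch is outside the hunk, so please confirm that a trailing backslash leaves `p` on the terminator.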
@@ -1043,7 +1042,7 @@ char *convert_controls (const char *s)
 		    if (c >= 'a' && c <= 'z') {
 		        *q++ = c - 'a' + 1;
 			p++;
-		    } else
+		    } else if (*p)
 		        p++;
 		}
 	    } else
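Review bot: The new `else if (*p)` guard has no comment, and nothing documents that a trailing `^` is now dropped from the result with no byte written for it. I would put `/* trailing '^': stay on the NUL so the loop terminates */` on the guard. The header comment could also say that a `^` followed by a non-letter appears to be discarded along with that character. The unbraced `else if` after a braced `if` is easy to misread in a bounds-sensitive loop; bracing both arms would be safer. The enclosing function starts and ends outside this hunk.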

