authorDenis Vlasenko2008-03-24 00:04:42 +0000
committerDenis Vlasenko2008-03-24 00:04:42 +0000
commit0b6c6a9c9f555a33d681290cce77510460457c03 (patch)
tree0d5f95c0cc0a2f6945aa97fa50266e8b8288da75 /libbb
parenta79428998d76c1758ca12546e5db945a0cd64518 (diff)
lpd: fix OOM vulnerability (was eating arbitrarily large commands)
Diffstat (limited to 'libbb')
-rw-r--r--libbb/read.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/libbb/read.c b/libbb/read.c
index 5754465..9c025e3 100644
--- a/libbb/read.c
+++ b/libbb/read.c
@@ -152,13 +152,14 @@ char *reads(int fd, char *buffer, size_t size)
// Read one line a-la fgets. Reads byte-by-byte.
// Useful when it is important to not read ahead.
// Bytes are appended to pfx (which must be malloced, or NULL).
-char *xmalloc_reads(int fd, char *buf)
+char *xmalloc_reads(int fd, char *buf, size_t *maxsz_p)
{
char *p;
- int sz = buf ? strlen(buf) : 0;
+ size_t sz = buf ? strlen(buf) : 0;
+ size_t maxsz = maxsz_p ? *maxsz_p : MAXINT(size_t);
goto jump_in;
- while (1) {
+ while (sz < maxsz) {
if (p - buf == sz) {
jump_in:
buf = xrealloc(buf, sz + 128);
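Review bot: The new bound in `while (sz < maxsz)` is tested against `sz`, which looks like the allocated capacity (it is compared with `p - buf` and grown through `xrealloc(buf, sz + 128)`) rather than the number of bytes read, so the cap works in 128-byte steps and a line may be cut before `maxsz` bytes have been read; the rest of the loop body is outside this hunk, so confirm this there. `goto jump_in` also enters the body without evaluating the condition, so one more allocation (and presumably one read) happens even when the prefix is already at or over the limit. Callers that pass NULL get `MAXINT(size_t)` and stay unbounded, which matters for any caller reading from an untrusted peer. The header comment does not mention the new parameter and still calls the buffer `pfx`; I would add `// maxsz_p (NULL = no limit): in: approximate cap on buffer size; out: length of the returned string.` Since `sz` is now unsigned, `if ((size_t)(p - buf) == sz)` avoids the mixed-sign comparison.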
@@ -178,6 +179,8 @@ char *xmalloc_reads(int fd, char *buf)
p++;
}
*p++ = '\0';
+ if (maxsz_p)
+ *maxsz_p = p - buf - 1;
return xrealloc(buf, p - buf);
}
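Review bot: The length written back by `*maxsz_p = p - buf - 1;` does not tell the caller why reading stopped. As far as the visible lines show, a line that ended normally and one cut at the cap both come back as a plain NUL-terminated string. A caller parsing a network command could then treat a truncated line as complete, leaving the remainder to be read as the next line. Consider stating this at the function header, e.g. `// On return *maxsz_p is strlen(result); truncation at the cap is not reported.`, or reporting truncation explicitly. The function body starts outside this hunk, so the exit paths should be checked against the full loop.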