diff options
author | Aaron Merey <amerey@redhat.com> | 2022-11-01 17:51:00 -0400 |
---|---|---|
committer | Aaron Merey <amerey@redhat.com> | 2022-11-01 17:51:00 -0400 |
commit | 04b1a3aae24b21c3f02b915b2416eba886992bed (patch) | |
tree | 60a4d5232d577150333136bbd447bce831efa00c | |
parent | fb833750c395ce268d16fd44e4decafbb41208a8 (diff) | |
download | elfutils-04b1a3aae24b21c3f02b915b2416eba886992bed.tar.gz |
debuginfod-client: Fix out-of-bounds write
Return early from path_escape when '\0' is seen in order to prevent
an out-of-bounds write to the dest buffer.
Signed-off-by: Aaron Merey <amerey@redhat.com>
-rw-r--r-- | debuginfod/debuginfod-client.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index d097ca49..0c4a00cf 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -595,8 +595,7 @@ path_escape (const char *src, char *dest) { case '\0': dest[q] = '\0'; - q = PATH_MAX-1; /* escape for loop too */ - break; + return; case '/': /* escape / to prevent dir escape */ dest[q++]='#'; dest[q++]='#'; |