diff options
| author | Aaron Merey <amerey@redhat.com> | 2022-11-01 17:51:00 -0400 |
|---|---|---|
| committer | Frank Ch. Eigler <fche@redhat.com> | 2023-04-07 10:53:26 -0400 |
| commit | 98f1d9aeb0143c11d0d3529fc595db16c792e2dc (patch) | |
| tree | 2eea8d4994b0c32b24f9da940fe7f9b7aff0e696 | |
| parent | 91eda624d5c33a848e9f285a8f57eb89120f928d (diff) | |
| download | elfutils-98f1d9aeb0143c11d0d3529fc595db16c792e2dc.tar.gz | |
debuginfod-client: Fix out-of-bounds write
Return early from path_escape when '\0' is seen in order to prevent
an out-of-bounds write to the dest buffer.
Signed-off-by: Aaron Merey <amerey@redhat.com>
| -rw-r--r-- | debuginfod/debuginfod-client.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c index 8167911f..a3031321 100644 --- a/debuginfod/debuginfod-client.c +++ b/debuginfod/debuginfod-client.c @@ -937,8 +937,7 @@ path_escape (const char *src, char *dest) { case '\0': dest[q] = '\0'; - q = PATH_MAX-1; /* escape for loop too */ - break; + return; case '/': /* escape / to prevent dir escape */ dest[q++]='#'; dest[q++]='#'; |