authorxhe <xw897002528@gmail.com>2018-12-09 13:27:24 +0800
committerrofl0r <retnyg@gmx.net>2019-01-16 02:38:18 +0000
commitc4075b1f5d5a503f2063c130d3348dc94663ff1e (patch)
tree7278526aa0132ac3b93be2c020fce3f74d2e7d71
parentb4c057ed629ecfb4973769b45b9ab7a9af3224ca (diff)
downloadgettext-tiny-c4075b1f5d5a503f2063c130d3348dc94663ff1e.tar.gz
poparser: avoid invalid memory access
1. y-x is larger than the charset string by 8, so we should write to [y-x-8] instead; writing to [y-x] may lead to memory corruption. 2. Though I've checked before that the maximum length of a charset string should be 11, let's avoid meeting an unknown charset, or an invalid one.
-rw-r--r--src/poparser.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/poparser.c b/src/poparser.c
index 7ed00d7..75f2b0f 100644
--- a/src/poparser.c
+++ b/src/poparser.c
@@ -55,8 +55,12 @@ static inline enum po_error poparser_feed_hdr(struct po_parser *p, po_message_t
if ((x = strstr(msg->str[0], "charset="))) {
for (y = x; *y && !isspace(*y); y++);
+
+ if ((y-x-8) > sizeof(p->hdr.charset))
+ return -po_unsupported_charset;
+
memcpy(p->hdr.charset, x+8, y-x-8);
- p->hdr.charset[y-x] = 0;
+ p->hdr.charset[y-x-8] = 0;
p->cd = iconv_open("UTF-8", p->hdr.charset);
if (p->cd == (iconv_t)-1) {