diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2020-03-18 10:01:53 +0000 |
---|---|---|
committer | Ander Juaristi <a@juaristi.eus> | 2020-03-23 17:00:58 +0100 |
commit | 7e43ed8acceb84f140ed090195b3100d80f3ccc2 (patch) | |
tree | 940c37546d2bf0ed2ef107ed70b6191ba9a3c6ee | |
parent | 62292ca51a43de56eaa396740c7e7fd70b41b4d4 (diff) | |
download | gnutls-7e43ed8acceb84f140ed090195b3100d80f3ccc2.tar.gz |
Ensure that an incorrectly formatted password file doesn't cause invalid memory access
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | lib/auth/psk_passwd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 4bdb4e02c4..a0427914f9 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -100,7 +100,8 @@ static bool username_matches(const gnutls_datum_t *username, i++; } - if (line[0] == '#') { + /* if format is in hex, e.g. #FAFAFA */ + if (line[0] == '#' && line_size > 1) { hexline.data = (void *) &line[1]; hexline.size = i - 1; |