summaryrefslogtreecommitdiff
path: root/apt-pkg/cachefilter.cc
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-08-31 11:36:44 +0200
committerJulian Andres Klode <jak@debian.org>2016-08-31 12:12:56 +0200
commitce6cd75dc367b92f65e4fb539dd166d0f3361f8c (patch)
tree7e0e708bf9862a8a0020d50dfb79a3dd8ecbf894 /apt-pkg/cachefilter.cc
parent317bb39f3cd6626c74f25d7bdf2907f1b235f553 (diff)
Fix segfault and out-of-bounds read in Binary fields
If a Binary field contains one or more spaces before a comma, the code produced a segmentation fault, as it accidentally set a pointer to 0 instead of the value of the pointer. If the comma is at the beginning of the field, the code would create a binStartNext that points one element before the start of the string, which is undefined behavior. We also need to check that we do not exit the string during the replacement of spaces before commas: A string of the form " ," would normally exit the boundary of the Buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' isspace_ascii(*binEnd) = true => --binEnd => binEnd = - 1 We get rid of the problem by only allowing spaces to be eliminated if they are not the first character of the buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' binEnd > buffer = false, isspace_ascii(*binEnd) = true => exit loop => binEnd remains 0
Diffstat (limited to 'apt-pkg/cachefilter.cc')
0 files changed, 0 insertions, 0 deletions