[ovs-dev] [PATCH] lex: Fix parsing of long tokens.
Gregory Rose
gvrose8192 at gmail.com
Fri Jan 5 18:20:21 UTC 2018
On 1/2/2018 11:15 AM, Ben Pfaff wrote:
> When a token is longer than the built-in 256-byte buffer, a buffer is
> malloc()'d but it was not properly null-terminated.
>
> Found by afl-fuzz.
>
> Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
> Signed-off-by: Ben Pfaff <blp at ovn.org>
> ---
> ovn/lib/lex.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
> index 6f2b570f5c65..2f49af0e91e2 100644
> --- a/ovn/lib/lex.c
> +++ b/ovn/lib/lex.c
> @@ -89,7 +89,7 @@ lex_token_strcpy(struct lex_token *token, const char *s, size_t length)
> ? token->buffer
> : xmalloc(length + 1));
> memcpy(token->s, s, length);
> - token->buffer[length] = '\0';
> + token->s[length] = '\0';
> }
>
> void
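Review bot: The removed line `token->buffer[length] = '\0';` was more than a missing terminator, and the commit message should say so. Going by the description, the xmalloc(length + 1) branch is taken when the token is longer than the built-in 256-byte buffer, so in that case index `length` lies past the end of token->buffer: the old code performed an out-of-bounds write in addition to leaving the heap copy in token->s unterminated. Writing through token->s is correct for both branches, since it points at whichever storage was selected just above. Since this was found by afl-fuzz, consider adding a regression test that lexes a token longer than 256 bytes and checks the resulting string, so the long-token path stays covered.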
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>