Merge pull request #163 from ebfe/proplib

lib/portableproplib: fix various oob reads/segfaults
This commit is contained in:
Juan RP 2016-04-07 16:25:46 +02:00
commit 375cc30a47
2 changed files with 13 additions and 11 deletions

View File

@ -393,10 +393,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
ctx->poic_tagname = cp; ctx->poic_tagname = cp;
while (!_PROP_ISSPACE(*cp) && *cp != '/' && *cp != '>') while (!_PROP_ISSPACE(*cp) && *cp != '/' && *cp != '>') {
if (_PROP_EOF(*cp))
return (false);
cp++; cp++;
if (_PROP_EOF(*cp)) }
return (false);
ctx->poic_tagname_len = cp - ctx->poic_tagname; ctx->poic_tagname_len = cp - ctx->poic_tagname;
@ -439,10 +440,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
ctx->poic_tagattr = cp; ctx->poic_tagattr = cp;
while (!_PROP_ISSPACE(*cp) && *cp != '=') while (!_PROP_ISSPACE(*cp) && *cp != '=') {
if (_PROP_EOF(*cp))
return (false);
cp++; cp++;
if (_PROP_EOF(*cp)) }
return (false);
ctx->poic_tagattr_len = cp - ctx->poic_tagattr; ctx->poic_tagattr_len = cp - ctx->poic_tagattr;
@ -454,10 +456,11 @@ _prop_object_internalize_find_tag(struct _prop_object_internalize_context *ctx,
return (false); return (false);
ctx->poic_tagattrval = cp; ctx->poic_tagattrval = cp;
while (*cp != '\"') while (*cp != '\"') {
if (_PROP_EOF(*cp))
return (false);
cp++; cp++;
if (_PROP_EOF(*cp)) }
return (false);
ctx->poic_tagattrval_len = cp - ctx->poic_tagattrval; ctx->poic_tagattrval_len = cp - ctx->poic_tagattrval;
cp++; cp++;

View File

@ -107,8 +107,7 @@ typedef enum {
#define _PROP_EOF(c) ((c) == '\0') #define _PROP_EOF(c) ((c) == '\0')
#define _PROP_ISSPACE(c) \ #define _PROP_ISSPACE(c) \
((c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r' || \ ((c) == ' ' || (c) == '\t' || (c) == '\n' || (c) == '\r')
_PROP_EOF(c))
#define _PROP_TAG_MATCH(ctx, t) \ #define _PROP_TAG_MATCH(ctx, t) \
_prop_object_internalize_match((ctx)->poic_tagname, \ _prop_object_internalize_match((ctx)->poic_tagname, \