evaluate: Fix datalen checks in expr_evaluate_string()

I have been told that the flex scanner won't return empty strings, so
strlen(data) should always be greater 0. To avoid a hard to debug issue
though, add an assert() to make sure this is always the case before
risking an unsigned variable underrun.

A real issue though is the check for 'datalen - 1 >= 0', which will
never fail due to datalen being unsigned. Fix this by incrementing both
sides by one, hence checking 'datalen >= 1'.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 7eb28f2c4b72d468c0f1d999418b3633bbffee4b..fb9b82534d52012bc7e849c96c984d37e9665f8c 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -221,6 +221,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
        memset(data + len, 0, data_len - len);
        mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
 
+       assert(strlen(data) > 0);
        datalen = strlen(data) - 1;
        if (data[datalen] != '*') {
                /* We need to reallocate the constant expression with the right
@@ -234,7 +235,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
                return 0;
        }
 
-       if (datalen - 1 >= 0 &&
+       if (datalen >= 1 &&
            data[datalen - 1] == '\\') {
                char unescaped_str[data_len];