From: Zane van Iperen
Date: Tue, 15 Feb 2022 14:57:17 +0000 (+1000)
Subject: libuuid: fix buffer overrun in uuid_parse_range()
X-Git-Tag: v2.38-rc2~16^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8596101d21a9bdc85388486ec9c431c114a443e3;p=thirdparty%2Futil-linux.git

libuuid: fix buffer overrun in uuid_parse_range()

It attempts to access in_start[36], despite 35 being the maximum allowed index.

Reported-by: Pierre-Anthony Lemieux
Signed-off-by: Zane van Iperen
---
diff --git a/libuuid/src/parse.c b/libuuid/src/parse.c
index d0c69b0e63..c3e2281121 100644
--- a/libuuid/src/parse.c
+++ b/libuuid/src/parse.c
@@ -58,16 +58,14 @@ int uuid_parse_range(const char *in_start, const char *in_end, uuid_t uu)
 if ((in_end - in_start) != 36)
 return -1;
- for (i=0, cp = in_start; i <= 36; i++,cp++) {
+ for (i=0, cp = in_start; i < 36; i++,cp++) {
 if ((i == 8) || (i == 13) || (i == 18) || (i == 23)) {
 if (*cp == '-')
 continue;
 return -1;
 }
- if (i== 36)
- if (*cp == 0)
- continue;
+
 if (!isxdigit(*cp))
 return -1;
 }
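Review bot: The `isxdigit(*cp)` check kept at the end of the loop still passes a plain `char`, so an input byte with the high bit set can reach `isxdigit` as a negative value, which the C standard leaves undefined for the `<ctype.h>` functions; because this loop validates caller-supplied text, the call should read `if (!isxdigit((unsigned char)*cp))`. With `in_end - in_start == 36` enforced just above, the new `i < 36` bound keeps every read inside the range, and a short comment above the loop such as `/* in_end is exclusive: valid offsets are 0..35, no terminating NUL is expected */` would record why the old `i == 36` terminator check is gone. The function begins before and continues after this hunk, so whether the later conversion code also stays within `[in_start, in_end)` cannot be confirmed from here.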