From 7acdebf6c072b30cd91873d95143e184cf4663f0 Mon Sep 17 00:00:00 2001
From: Thomas Egerer
Date: Thu, 27 Feb 2014 09:45:08 +0100
Subject: [PATCH] settings: Avoid conf file parsing beyond allocated buffer

A valgrind analysis of libstrongswan revealed an invalid read of 1 in the function starts_with(). A more thorough analysis proved this to be true and showed that with a specially crafted config file (e.g. a single '#'-character not followed by a newline), the parser might even interpret the random memory contents following the allocated buffer as part of the configuration file. The way the parser is designed, it must be able to skip an inserted '\0' and continue parsing. Since it is not able to skip two '\0' characters, the 'fix' of allocating two more bytes than the size of the parsed file and setting them to '\0' seems to be a safe bet.

Signed-off-by: Thomas Egerer
---
 src/libstrongswan/utils/settings.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libstrongswan/utils/settings.c b/src/libstrongswan/utils/settings.c
index 490490a1e8..a76287b01b 100644
--- a/src/libstrongswan/utils/settings.c
+++ b/src/libstrongswan/utils/settings.c
@@ -1244,8 +1244,8 @@ static bool parse_file(linked_list_t *contents, char *file, int level,
 	fseek(fd, 0, SEEK_END);
 	len = ftell(fd);
 	rewind(fd);
-	text = malloc(len + 1);
-	text[len] = '\0';
+	text = malloc(len + 2);
+	text[len] = text[len + 1] = '\0';
 	if (fread(text, 1, len, fd) != len)
 	{
 		free(text);
-- 
2.47.3
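Review bot: The value returned by `ftell(fd)` is still used unchecked as both the allocation size and an index, so on a failing ftell() (it returns -1, e.g. for a non-seekable stream or a directory handed in as the config file) the new line `text[len] = text[len + 1] = '\0';` writes one byte before the start of a one-byte malloc() — the same class of out-of-bounds access this commit sets out to close. Insert a guard between `len = ftell(fd);` and `rewind(fd);` such as `if (len < 0) { fclose(fd); return FALSE; }`, adjusted so its cleanup matches whatever the fread()-failure branch does after `free(text)` outside the hunk; the return of `fseek()` on the line above deserves the same treatment. The two-NUL sentinel is also presented in the message as a "safe bet" rather than a contract, so the `malloc(len + 2)` line would benefit from a comment stating why two terminators are required, e.g. `/* two trailing NULs: the tokenizer may step over one inserted '\0' and must then hit a second one rather than run off the buffer */`, so a later parser change does not silently invalidate it. Note that parse_file() starts and ends outside this hunk, so the declared type of `len` and the surrounding error-handling convention are not visible here.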