auth: Prevent dereferencing std::string::end() in SimpleMatch

SimpleMatch is called with user-supplied strings in the API and the
bind backend. We might get away with it in most cases because
std::strings are null-terminated, but it's still undefined behaviour
as there is no guarantee that end() will point to the terminator.

Reported by cppcheck 2.4.1:
```
misc.hh:501:16: warning: Either the condition 'mi==d_mask.end()' is redundant or there is possible dereference of an invalid iterator: mi. [derefInvalidIteratorRedundantCheck]
        while(*mi == '*') ++mi;
               ^
misc.hh:502:16: note: Assuming that condition 'mi==d_mask.end()' is not redundant
        if (mi == d_mask.end()) return true;
               ^
misc.hh:501:16: note: Dereference of an invalid iterator
        while(*mi == '*') ++mi;
```

diff --git a/pdns/misc.hh b/pdns/misc.hh
index 44d44828707c67e3b8250270f82d272ffe63595c..38f06bc1b596e17f73cce42fc2b2e2cdb4fc2a10 100644 (file)
--- a/pdns/misc.hh
+++ b/pdns/misc.hh
@@ -498,7 +498,7 @@ public:
         if (vi == vend) return false;
         ++vi;
       } else if (*mi == '*') {
-        while(*mi == '*') ++mi;
+        while(mi != mend && *mi == '*') ++mi;
         if (mi == d_mask.end()) return true;
         while(vi != vend) {
           if (match(mi,mend,vi,vend)) return true;