]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0dedcb3)
JSON: Fix string parsing when \\ escape is at the end of buffer
authorJouni Malinen <j@w1.fi>
Sat, 9 Feb 2019 23:40:36 +0000 (01:40 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 11 Feb 2019 00:35:29 +0000 (02:35 +0200)
This would have resulted in reading one octet past the end of the buffer
before rejecting the string.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/utils/json.c patch | blob | blame | history

diff --git a/src/utils/json.c b/src/utils/json.c
index c6ada05480874dd07368f30524131f0c05a0c868..b64433959ff7ba9dcfbee5e1732a1de8a32c3a44 100644 (file)
--- a/src/utils/json.c
+++ b/src/utils/json.c
@@ -103,6 +103,11 @@ static char * json_parse_string(const char **json_pos, const char *end)
                        return str;
                case '\\':
                        pos++;
+                       if (pos >= end) {
+                               wpa_printf(MSG_DEBUG,
+                                          "JSON: Truncated \\ escape");
+                               goto fail;
+                       }
                        switch (*pos) {
                        case '"':
                        case '\\':
Unnamed repository; edit this file 'description' to name the repository.