+7 May 2024: Wouter
+ - Merge #1062: Fix potential overflow bug while parsing port in
+ function cfg_mark_ports.
+ - Fix for #1062: declaration before statement, avoid print of null,
+ and redundant check for array size.
+
1 May 2024: Wouter
- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
from the Network and Information Security Lab of Tsinghua University
static int
extract_port_from_str(const char* str, int max_port) {
char* endptr;
+ long int value;
if (str == NULL || *str == '\0') {
- log_err("str: '%s' is invalid", str);
+ log_err("str: '%s' is invalid", (str?str:"NULL"));
return -1;
}
- long int value = strtol(str, &endptr, 10);
+ value = strtol(str, &endptr, 10);
if ((endptr == str) || (*endptr != '\0')) {
log_err("cannot parse port number '%s'", str);
return -1;
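Review bot: Nothing visible in this hunk clears `errno` before `value = strtol(str, &endptr, 10);`, and strtol signals an out-of-range input only by setting `errno` to ERANGE while returning LONG_MAX or LONG_MIN. The rest of extract_port_from_str lies outside the hunk; if it tests `errno == ERANGE`, a stale value left by an earlier library call could cause a valid port string to be rejected. Adding `errno = 0;` on the line directly before the strtol call would make the overflow detection dependable. It would also help to state in the function comment that the string comes from configuration input and that -1 is returned for anything that is not a plain decimal number below `max_port`.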
log_err("Failed to parse the port number");
return 0;
}
- avail[port] = (allow?port:0);
+ if(port < num)
+ avail[port] = (allow?port:0);
} else {
char buf[16];
int i, low;
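Review bot: The new `if(port < num)` guard fails open: when the index is out of range, the store into `avail` is skipped with no log message, and as far as this hunk shows the function continues as though the entry had been applied. For a bounds check on a configuration-derived index it would be clearer to fail closed with `else { log_err("port %d is out of range", port); return 0; }`. If the parser is known to bound the value already, a comment such as `/* defensive: port is expected to be < num already */` would say so. The guard has no lower bound either, so it depends on the check before `log_err("Failed to parse the port number")` to reject negative values. That check, like the start and end of the enclosing function, is outside the hunk.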