From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 14 Aug 2019 15:46:14 +0000 (-0400)
Subject: Don't skip past zero byte in profile parsing
X-Git-Tag: krb5-1.18-beta1~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a449bfc16c32019fec8b4deea963a3e474b0d14d;p=thirdparty%2Fkrb5.git

Don't skip past zero byte in profile parsing

In parse_quoted_string(), only process an escape sequence if there is
a second character after the backlash, to avoid reading past the
terminating zero byte.  Reported by Lutz Justen.

ticket: 8825 (new)
tags: pullup
target_version: 1.17-next
target_version: 1.16-next
---

diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 531e4a0990..7ba44aca6e 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -48,7 +48,7 @@ static void parse_quoted_string(char *str)
     char *to, *from;
 
     for (to = from = str; *from && *from != '"'; to++, from++) {
-        if (*from == '\\') {
+        if (*from == '\\' && *(from + 1) != '\0') {
             from++;
             switch (*from) {
             case 'n':