From: Jared Wong Date: Fri, 13 Dec 2013 08:00:20 +0000 (-0500) Subject: Fixed check for i < line_size. X-Git-Tag: gnutls_3_3_0pre0~470 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85458552e5252fc56aa4abceb85c4bef3600c33e;p=thirdparty%2Fgnutls.git Fixed check for i < line_size. All checks were being done where the line_size check was done last. This allows data to be read from one past teh end of the line buffer. In C, accessing data outside of an array is undefined behavior and may cause yet known problems. Additionally, the compiler may end up making some unreasonable assumptions under the pretense that the programmer is never wrong and would not access data outside of the array. --- diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index c11ad45cef..c553b4a26b 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -173,8 +173,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username, while (getline(&line, &line_size, fd) > 0) { /* move to first ':' */ i = 0; - while ((line[i] != ':') && (line[i] != '\0') - && (i < line_size)) { + while ((i < line_size) && (line[i] != '\0') + && (line[i] != ':')) { i++; } diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index c05262280f..b25fe9f683 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -209,8 +209,8 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) while (getline(&line, &line_size, fd) > 0) { /* move to first ':' */ i = 0; - while ((line[i] != ':') && (line[i] != '\0') - && (i < line_size)) { + while ((i < line_size) && (line[i] != ':') + && (line[i] != '\0')) { i++; } @@ -316,8 +316,8 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, while (getline(&line, &line_size, fd) > 0) { /* move to first ':' */ i = 0; - while ((line[i] != ':') && (line[i] != '\0') - && (i < line_size)) { + while ((i < line_size) && (line[i] != '\0') + && (line[i] != ':')) { i++; }