From: Vincent Bernat
Date: Fri, 8 May 2026 21:11:41 +0000 (+0200)
Subject: client/tokenizer: heap-allocate the work buffer
X-Git-Tag: 1.0.22~17
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=ee7c2bec7edbfb322a2f1f2b8ae0688be8a1608e;p=thirdparty%2Flldpd.git
client/tokenizer: heap-allocate the work buffer
Replace the variable-length array sized by 2 * strlen(line) + 3 with a calloc()/free() pair. Long input lines (e.g. read from a config file) could otherwise grow the stack without bound.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
diff --git a/src/client/tokenizer.c b/src/client/tokenizer.c
index c4cdda66..cd25438c 100644
--- a/src/client/tokenizer.c
+++ b/src/client/tokenizer.c
@@ -17,6 +17,7 @@
 #include "client.h"
+#include
 #include
 /**
 * Tokenize the given line. We support quoted strings and escaped characters
@@ -42,8 +43,9 @@ tokenize_line(const char *line, int *argc, char ***argv)
 int escaped = 0;
 int ipos = 0;
 char quote = 0;
- char input[2 * strlen(line) + 3]; /* 3 = 2 for '\n ' and 1 for \0 */
- memset(input, 0, 2 * strlen(line) + 3);
+ size_t input_len = 2 * strlen(line) + 3; /* 3 = 2 for '\n ' and 1 for \0 */
+ char *input = calloc(1, input_len);
+ if (input == NULL) return -1;
 for (int pos = 0; line[pos]; pos++) {
 if (line[pos] == '#' && !escaped && !quote) break;
 if (!escaped && strchr(escapes, line[pos]))
@@ -60,7 +62,10 @@ tokenize_line(const char *line, int *argc, char ***argv)
 escaped = 0;
 }
 }
- if (escaped || quote) return 1;
+ if (escaped || quote) {
+ free(input);
+ return 1;
+ }
 /* Trick to not have to handle \0 in a special way */
 input[ipos++] = ifs[0];
 input[ipos++] = ' ';
@@ -100,9 +105,11 @@ tokenize_line(const char *line, int *argc, char ***argv)
 *argc = iargc;
 *argv = iargv;
+ free(input);
 return 0;
 error:
+ free(input);
 tokenize_free(iargc, iargv);
 return -1;
 }
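Review bot: The write index `ipos` and the loop counter `pos` in the -42,8 hunk are still `int`, while the heap allocation now lets the line length be limited only by available memory. The buffer is sized for up to twice the input, so a line longer than roughly INT_MAX/2 bytes would overflow `ipos` and index `input` out of bounds; whether a caller can supply such a line is not visible here. Either reject oversized input before the allocation, `if (strlen(line) > (INT_MAX - 3) / 2) return -1;` (needs `<limits.h>`), or make `pos` and `ipos` `size_t`. The body of tokenize_line continues outside the hunk.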
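Review bot: `free(input)` is now repeated at three exits, the two in the -100,9 hunk and the unterminated-quote return in the -60,7 hunk, so the buffer is only released if every exit remembers it. The lines between the hunks are not shown; if any of them returns directly instead of jumping to `error:`, `input` leaks. A single exit would rule that out: carry the result in a variable and release the buffer at one shared label, `out: free(input); return rc;`, with `error:` calling `tokenize_free(iargc, iargv)` and falling through to it. Short of that, a comment at the allocation such as `/* owned by this function: every exit below must free it */` would document the invariant.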