fix a buffer overflow in libfetch · MidnightBSD/src@18c9c99

Commit

fix a buffer overflow in libfetch

laffer1 committed Jan 28, 2020

1 parent d9407d8 commit 18c9c99

lib/libfetch/fetch.c

-Original file line number
+Diff line change
@@ Expand Up / @@ -329,6 +329,8 @@ fetch_pctdecode(char *dst, const char *src, size_t dlen) @@
     		}
     		if (dlen-- > 0)
     			*dst++ = c;
+    		else
+    			return (NULL);
     	}
     	return (s);
     }
@@ Expand Down Expand Up / @@ -376,11 +378,15 @@ fetchParseURL(const char *URL) @@
     	if (p && *p == '@') {
     		/* username */
     		q = fetch_pctdecode(u->user, URL, URL_USERLEN);
+    		if (q == NULL)
+    			goto ouch;
     		/* password */
-    		if (*q == ':')
+    		if (*q == ':') {
     			q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
+    			if (q == NULL)
+    				goto ouch;
+    		}
     		p++;
     	} else {
     		p = URL;
@@ Expand Down @@

Please sign in to comment.