svn commit: r365055 - head/lib/libc/tests/resolv
John Baldwin
jhb at FreeBSD.org
Tue Sep 1 16:20:43 UTC 2020
Author: jhb
Date: Tue Sep 1 16:20:42 2020
New Revision: 365055
URL: https://svnweb.freebsd.org/changeset/base/365055
Log:
Fix a buffer overrun.
getln() returns 'len' valid characters. line[len] is out of bounds.
Reported by: CHERI
Reviewed by: brooks
Obtained from: CheriBSD
MFC after: 2 weeks
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D26197
Modified:
head/lib/libc/tests/resolv/resolv_test.c
Modified: head/lib/libc/tests/resolv/resolv_test.c
==============================================================================
--- head/lib/libc/tests/resolv/resolv_test.c Tue Sep 1 16:17:21 2020 (r365054)
+++ head/lib/libc/tests/resolv/resolv_test.c Tue Sep 1 16:20:42 2020 (r365055)
@@ -76,15 +76,15 @@ load(const char *fname)
if ((fp = fopen(fname, "r")) == NULL)
ATF_REQUIRE(fp != NULL);
while ((line = fgetln(fp, &len)) != NULL) {
- char c = line[len];
+ char c = line[len - 1];
char *ptr;
- line[len] = '\0';
+ line[len - 1] = '\0';
for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) {
if (ptr == '\0' || ptr[0] == '#')
continue;
sl_add(hosts, strdup(ptr));
}
- line[len] = c;
+ line[len - 1] = c;
}
(void)fclose(fp);
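Review bot: The new line[len - 1] accesses assume the last of the len characters is a newline, but fgetln() does not guarantee that: the final line of a file that does not end in a newline is returned without one. In that case line[len - 1] = '\0' overwrites the last character of the final token before strtok() runs, so the host name added by sl_add() is truncated by one byte. Suggest overwriting only when line[len - 1] == '\n', and otherwise copying the line into a buffer of len + 1 bytes and terminating the copy. Also worth fixing while here: in the unchanged context, ptr == '\0' compares the pointer itself, which is never null inside the loop; ptr[0] == '\0' looks like what was intended.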