Description: Better checking of the return value of the Split() function (util.c)
Author: Maxime Chatelle <xakz@rxsoft.eu>
Last-Update: 2014-11-13
Bug-Debian: https://bugs.debian.org/716055
Forwarded: no
--- a/Instant/main.c
+++ b/Instant/main.c
@@ -255,6 +255,11 @@
*cp = ' ';
n = 2;
tok = Split(buf, &n, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Bad input in variable assignment: %s\n",
+ var);
+ return;
+ }
/* see if variable name matches one of our internal ones */
if (!strcmp(tok[0], "verbose")) verbose = atoi(tok[1]);
else if (!strcmp(tok[0], "warnings")) warnings = atoi(tok[1]);
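Review bot: The new `if (!tok)` guard catches a failed Split() but not a short result: the lines right after it read `tok[1]` (`atoi(tok[1])`), so an assignment that yields a single token may still reach atoi() with no valid second element. Assuming Split() writes the number of tokens found back through its second argument (its definition is not part of this patch, so confirm in util.c), the guard should also check the count, e.g. `if (!tok || n < 2) {`. The same gap applies to the CMD_ATT hunk, which reads `tok[1]` (`if (!tok || i < 2) {`), and to the CMD_EXT_ENT hunk, which passes `tok[0]` through `tok[2]` to strdup() (`if (!tok || i < 3) {`). The enclosing function starts and ends outside this hunk.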
@@ -474,6 +479,11 @@
case CMD_ATT: /* Aname val */
i = 3;
tok = Split(buf, &i, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Malformed command, line %d: %c%s\n",
+ e->lineno, c, buf);
+ break;
+ }
if (!strcmp(tok[1], "IMPLIED")) break; /* skip IMPLIED atts. */
if (!strcmp(tok[1], "CDATA") || !strcmp(tok[1], "TOKEN") ||
!strcmp(tok[1], "ENTITY") ||!strcmp(tok[1], "NOTATION"))
@@ -519,6 +529,11 @@
case CMD_EXT_ENT: /* Eename typ nname */
i = 3;
tok = Split(buf, &i, 0);
+ if (!tok) {
+ fprintf(stderr, "Error: Malformed command, line %d: %c%s\n",
+ e->lineno, c, buf);
+ break;
+ }
ent.ename = strdup(tok[0]);
ent.type = strdup(tok[1]);
ent.nname = strdup(tok[2]);
--- a/Instant/browse.c
+++ b/Instant/browse.c
@@ -128,6 +128,10 @@
}
ac = 20;
av = Split(buf, &ac, S_ALVEC);
+ if (!av) {
+ printf("Bad input line entered.\n");
+ break;
+ }
if (ac > 0) cmd = av[0];
if (!cmd || !(*cmd)) continue;
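Review bot: The added `break` on a NULL return from Split() leaves the enclosing construct, whereas the empty-command case two lines below uses `continue`. If the enclosing construct is the interactive command loop (its start is outside the hunk, so this is inferred), a single unparsable input line ends the browse session instead of prompting again. If that is not intended, `continue;` in place of `break;` would match the neighbouring handling; if it is intended, a short comment such as `/* give up on unparsable input */` would make that clear.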