Fix crashes in the config parser

It had a duality between not requiring null-terminated input
and relying on it, depending on where you looked.
Přemysl Eric Janouch 2020-10-11 22:00:25 +02:00
parent c2c5031538
commit 7e5b6c5343
Signed by: p
GPG Key ID: A0420B94F92B9493


@ -5087,18 +5087,21 @@ config_tokenizer_next (struct config_tokenizer *self, struct error **e)
return CONFIG_T_STRING; return CONFIG_T_STRING;
} }
char *end; // Our input doesn't need to be NUL-terminated but we want to use strtoll()
char buf[48] = "", *end = buf;
size_t buf_len = MIN (sizeof buf - 1, self->len);
errno = 0; errno = 0;
self->integer = strtoll (self->p, &end, 10); self->integer = strtoll (strncpy (buf, self->p, buf_len), &end, 10);
if (errno == ERANGE) if (errno == ERANGE)
{ {
config_tokenizer_error (self, e, "integer out of range"); config_tokenizer_error (self, e, "integer out of range");
return CONFIG_T_ABORT; return CONFIG_T_ABORT;
} }
if (end != self->p) if (end != buf)
{ {
self->len -= end - self->p; self->len -= end - buf;
self->p = end; self->p += end - buf;
return CONFIG_T_INTEGER; return CONFIG_T_INTEGER;
} }
@ -5111,7 +5114,7 @@ config_tokenizer_next (struct config_tokenizer *self, struct error **e)
str_reset (&self->string); str_reset (&self->string);
do do
str_append_c (&self->string, config_tokenizer_advance (self)); str_append_c (&self->string, config_tokenizer_advance (self));
while (config_tokenizer_is_word_char (*self->p)); while (self->len && config_tokenizer_is_word_char (*self->p));
if (!strcmp (self->string.str, "null")) if (!strcmp (self->string.str, "null"))
return CONFIG_T_NULL; return CONFIG_T_NULL;
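Review bot: In the first hunk, `buf_len` is capped at `sizeof buf - 1` (47 bytes), so a numeric token longer than that is silently split instead of rejected: strtoll() stops at the end of the copy, the code returns CONFIG_T_INTEGER, and the leftover digits remain in the input for the next call. In practice this needs a literal padded with leading zeros, since 47 significant digits would already hit the ERANGE branch, but it still means the parser can accept a value that differs from what the config text says. I would treat the truncated case as an error before the `end != buf` test, e.g. `if (end == buf + buf_len && buf_len < self->len && isdigit ((unsigned char) self->p[buf_len]))` followed by the existing "integer out of range" abort. It is also worth extending the comment with `// buf is zero-filled by its initializer, so strncpy() of at most sizeof buf - 1 bytes stays NUL-terminated`, because the termination guarantee is easy to break in a later edit. The body of config_tokenizer_next starts and ends outside both hunks, so whether leading whitespace or a sign can reach strtoll() here could not be checked from this page.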