[30563] in CVS-changelog-for-Kerberos-V5
krb5 commit: Don't skip past zero byte in profile parsing
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Aug 15 14:02:19 2019
Date: Thu, 15 Aug 2019 14:01:35 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201908151801.x7FI1Z1D029745@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/a449bfc16c32019fec8b4deea963a3e474b0d14d
commit a449bfc16c32019fec8b4deea963a3e474b0d14d
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Aug 14 11:46:14 2019 -0400
Don't skip past zero byte in profile parsing
In parse_quoted_string(), only process an escape sequence if there is
a second character after the backlash, to avoid reading past the
terminating zero byte. Reported by Lutz Justen.
ticket: 8825 (new)
tags: pullup
target_version: 1.17-next
target_version: 1.16-next
src/util/profile/prof_parse.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 531e4a0..7ba44ac 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -48,7 +48,7 @@ static void parse_quoted_string(char *str)
char *to, *from;
for (to = from = str; *from && *from != '"'; to++, from++) {
- if (*from == '\\') {
+ if (*from == '\\' && *(from + 1) != '\0') {
from++;
switch (*from) {
case 'n':
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
