krb5 commit [krb5-1.17]: Don't skip past zero byte in profile parsing
Greg Hudson
ghudson at mit.edu
Mon Dec 9 18:23:46 EST 2019
https://github.com/krb5/krb5/commit/ec12007a9b0c048e304715cbe07b13338cbfac11
commit ec12007a9b0c048e304715cbe07b13338cbfac11
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Aug 14 11:46:14 2019 -0400
Don't skip past zero byte in profile parsing
In parse_quoted_string(), only process an escape sequence if there is
a second character after the backlash, to avoid reading past the
terminating zero byte. Reported by Lutz Justen.
(cherry picked from commit a449bfc16c32019fec8b4deea963a3e474b0d14d)
ticket: 8825
version_fixed: 1.17.1
src/util/profile/prof_parse.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 531e4a0..7ba44ac 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -48,7 +48,7 @@ static void parse_quoted_string(char *str)
char *to, *from;
for (to = from = str; *from && *from != '"'; to++, from++) {
- if (*from == '\\') {
+ if (*from == '\\' && *(from + 1) != '\0') {
from++;
switch (*from) {
case 'n':
More information about the cvs-krb5
mailing list