authorClaudio Jeker <claudio@cvs.openbsd.org>2019-11-06 08:18:12 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2019-11-06 08:18:12 +0000
commit13ea451fa5ed5f4d20d07286f94bacc0aa4b7d92 (patch)
treee6de39d458108486d3b2e6bb3ff86f7bf850dba0
parent0d8305e8d730de6cf7bc0c0e31e6100302f011ac (diff)
The memory returned by realloc(NULL, ...) is uninitialized. Therefore make
sure that on the first round the buffer is set to an empty string so that strlcat() works correctly. Also check for strlcat() overflow and error out in case it happens. Found by infrequent regress test failures.
-rw-r--r--usr.sbin/rpki-client/tal.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.sbin/rpki-client/tal.c b/usr.sbin/rpki-client/tal.c
index 3e434f5e990..da78bb70c1e 100644
--- a/usr.sbin/rpki-client/tal.c
+++ b/usr.sbin/rpki-client/tal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tal.c,v 1.11 2019/11/06 07:04:03 claudio Exp $ */
+/* $OpenBSD: tal.c,v 1.12 2019/11/06 08:18:11 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -201,9 +201,12 @@ tal_read_file(const char *file)
/* concat line to buf */
if ((nbuf = realloc(buf, bsz + n + 1)) == NULL)
err(EXIT_FAILURE, NULL);
+ if (buf == NULL)
+ nbuf[0] = '\0'; /* initialize buffer */
buf = nbuf;
bsz += n + 1;
- strlcat(buf, line, bsz);
+ if (strlcat(buf, line, bsz) >= bsz)
+ errx(EXIT_FAILURE, "strlcat overflow");
/* limit the buffer size */
if (bsz > 4096)
errx(EXIT_FAILURE, "%s: file too big", file);
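Review bot: The 4096-byte cap is still tested only after `realloc()` and `strlcat()` have grown and filled the buffer by `n + 1`, so an over-long line in the TAL file is allocated and copied before it is rejected. The process exits either way, so the impact is small, but testing the limit ahead of the `realloc()`, e.g. `if (n >= 4096 - bsz) errx(EXIT_FAILURE, "%s: file too big", file);`, rejects oversized input before any work is done on it and keeps `bsz + n + 1` from ever being computed on a large `n`. The type and origin of `n` are outside this hunk, so confirm it cannot be negative at this point. The new `errx(EXIT_FAILURE, "strlcat overflow")` also drops the file name that the neighbouring "file too big" message carries; `errx(EXIT_FAILURE, "%s: strlcat overflow", file);` would make a failure traceable to the offending TAL. tal_read_file's body starts and ends outside the hunk.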