From 726a8e3dae196358f6481a2b4c472afc695d3e91 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Sun, 9 Mar 2008 13:50:00 +0100 Subject: [PATCH] Make xundump catch extraneous fields Make deffld() reject fields whose selector has flag NSC_EXTRA set. Since xundump() doesn't provides space for these, the bug could lead to buffer overruns. --- src/lib/common/xundump.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib/common/xundump.c b/src/lib/common/xundump.c index 731cac7d..d1d6f7e8 100644 --- a/src/lib/common/xundump.c +++ b/src/lib/common/xundump.c @@ -352,6 +352,8 @@ deffld(int fldno, char *name, int idx) if (res < 0) return gripe("Header %s of field %d is %s", name, fldno + 1, res == M_NOTUNIQUE ? "ambiguous" : "unknown"); + if (ca[res].ca_flags == NSC_EXTRA) + return gripe("Extraneous header %s in field %d", name, fldno + 1); if (ca[res].ca_type != NSC_STRINGY && ca[res].ca_len != 0) { if (idx < 0) return gripe("Header %s requires an index in field %d",