osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
14
0
Fork 1
Code Issues Releases Wiki Activity

ctrl: Avoid accessing cmd_desc->command out of bounds 

We check that the amount of commands is not more than
we have but we don't check it the other way. It appears
that the vector is allowed to be bigger than the amount
of commands. So we match a prefix of a longer command
depending on the installation order.
This commit is contained in:
Holger Hans Peter Freyther 2015-04-05 14:36:31 +02:00
parent 4e0543f730
commit 5fb265eaa7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ctrl/control_cmd.c
View File

@ -86,7 +86,7 @@ static struct ctrl_cmd_element *ctrl_cmd_get_element_match(vector vline, vector
cmd_desc = &cmd_el->strcmd;
if (cmd_desc->nr_commands > vector_active(vline))
continue;
for (j =0; j < vector_active(vline); j++) {
for (j =0; j < vector_active(vline) && j < cmd_desc->nr_commands; j++) {
str = vector_slot(vline, j);
desc = cmd_desc->command[j];
if (desc[0] == '*')