external/yambar
1
0
Fork 1
mirror of https://codeberg.org/dnkl/yambar.git synced 2025-04-23 20:35:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

module/script: copy ‘value’ to a NULL-terminated string

Browse source 
This ensures e.g. strtol() doesn’t parse data beyond current
tag/value.
This commit is contained in:
Daniel Eklöf 2020-10-25 16:05:20 +01:00
parent 430e505bd2
commit f2814f786e
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
1 changed files with 14 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
modules/script.c
View file

@ -60,6 +60,9 @@ content(struct module *mod)
static struct tag * static struct tag *
process_line(struct module *mod, const char *line, size_t len) process_line(struct module *mod, const char *line, size_t len)
{ {
char *name = NULL;
char *value = NULL;
const char *_name = line; const char *_name = line;
const char *type = memchr(line, '|', len); const char *type = memchr(line, '|', len);
@ -82,10 +85,14 @@ process_line(struct module *mod, const char *line, size_t len)
(int)len, line, (int)len, line,
(int)name_len, _name, (int)type_len, type, (int)value_len, _value); (int)name_len, _name, (int)type_len, type, (int)value_len, _value);
char *name = malloc(name_len + 1); name = malloc(name_len + 1);
memcpy(name, _name, name_len); memcpy(name, _name, name_len);
name[name_len] = '\0'; name[name_len] = '\0';
value = malloc(value_len + 1);
memcpy(value, _value, value_len);
value[value_len] = '\0';
struct tag *tag = NULL; struct tag *tag = NULL;
if (type_len == 6 && memcmp(type, "string", 6) == 0) if (type_len == 6 && memcmp(type, "string", 6) == 0)
@ -112,10 +119,8 @@ process_line(struct module *mod, const char *line, size_t len)
const char *_start = type + 6; const char *_start = type + 6;
const char *split = memchr(_start, '-', type_len - 6); const char *split = memchr(_start, '-', type_len - 6);
if (split == NULL || split == _start || (split + 1) - type >= type_len) { if (split == NULL || split == _start || (split + 1) - type >= type_len)
free(name);
goto bad_tag; goto bad_tag;
}
const char *_end = split + 1; const char *_end = split + 1;
@ -124,10 +129,8 @@ process_line(struct module *mod, const char *line, size_t len)
long start = 0; long start = 0;
for (size_t i = 0; i < start_len; i++) { for (size_t i = 0; i < start_len; i++) {
if (!(_start[i] >= '0' && _start[i] <= '9')) { if (!(_start[i] >= '0' && _start[i] <= '9'))
free(name);
goto bad_tag; goto bad_tag;
}
start *= 10; start *= 10;
start |= _start[i] - '0'; start |= _start[i] - '0';
@ -135,17 +138,14 @@ process_line(struct module *mod, const char *line, size_t len)
long end = 0; long end = 0;
for (size_t i = 0; i < end_len; i++) { for (size_t i = 0; i < end_len; i++) {
if (!(_end[i] >= '0' && _end[i] < '9')) { if (!(_end[i] >= '0' && _end[i] < '9'))
free(name);
goto bad_tag; goto bad_tag;
}
end *= 10; end *= 10;
end |= _end[i] - '0'; end |= _end[i] - '0';
} }
if (type_len > 9 && memcmp(type, "realtime:", 9) == 0) { if (type_len > 9 && memcmp(type, "realtime:", 9) == 0) {
free(name);
LOG_WARN("unimplemented: realtime tag"); LOG_WARN("unimplemented: realtime tag");
goto bad_tag; goto bad_tag;
} }
@ -155,15 +155,17 @@ process_line(struct module *mod, const char *line, size_t len)
} }
else { else {
free(name);
goto bad_tag; goto bad_tag;
} }
free(name); free(name);
free(value);
return tag; return tag;
bad_tag: bad_tag:
LOG_ERR("invalid: %.*s", (int)len, line); LOG_ERR("invalid: %.*s", (int)len, line);
free(name);
free(value);
return NULL; return NULL;
} }