Fix crash on parsing some inf files

ndiscvt uses 16 entry array for words into which it parses comma-separated lists of strings, like AddReg line in [somesection] AddReg = foo.reg, bar.reg, baz.reg, quiz.reg Overflows were not checked so it crashed on a line with 17 words encountered in some Broadcom/Dell Wireless 1704 802.11b-g-n driver So extend the array up to 32 entries and add an overflow check. Reviewed by: bapt Approved by: bapt MFC after: 2 weeks Differential Revision: D3713
svn path=/head/; revision=288120
2024-12-14 10:09:48 +00:00 · 2015-09-22 16:59:41 +00:00 · 2015-09-22 16:59:41 +00:00 · a40531fcf8 · 2020-12-20 02:59:44 +00:00
commit a40531fcf8
parent c9dbb1cc52
2 changed files with 7 additions and 1 deletions
--- a/usr.sbin/ndiscvt/inf.c
+++ b/usr.sbin/ndiscvt/inf.c
@ -887,6 +887,12 @@ regkey_add (const char *r)
 void
 push_word (const char *w)
 {
+
+	if (idx == W_MAX) {
+		fprintf(stderr, "too many words; try bumping W_MAX in inf.h\n");
+		exit(1);
+	}
+
 	if (w && strlen(w))
 		words[idx++] = w;
 	else
--- a/usr.sbin/ndiscvt/inf.h
+++ b/usr.sbin/ndiscvt/inf.h
@ -4,7 +4,7 @@
 * $FreeBSD$
 */

-#define W_MAX	16
+#define W_MAX	32

 struct section {
 	const char *	name;