[OpenSIPS-Devel] [OpenSIPS/opensips] 315b7c: cfg parser: Avoid unnecessary strlen on error case

Liviu Chircu Wed, 22 May 2024 09:51:05 -0700

  Branch: refs/heads/3.5
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 315b7c35586f3d2288a013f32edaf2e7eb5ef378
      
https://github.com/OpenSIPS/opensips/commit/315b7c35586f3d2288a013f32edaf2e7eb5ef378
  Author: Liviu Chircu <li...@opensips.org>
  Date:   2024-05-22 (Wed, 22 May 2024)


  Changed paths:
    M cfg_pp.c

  Log Message:
  -----------
  cfg parser: Avoid unnecessary strlen on error case

When getline() returns -1, the @lineptr argument is never safe to read,
nor is this recommended.  So when both rc == -1 and EOF conditions
occur, it is safe to assume we read 0 bytes, without doing the strlen().

Many thanks to Dhiraj Mishra (@RandomDhiraj) for detecting, documenting
and reporting the potential risk of a heap buffer overflow here!

(cherry picked from commit 50b651c230eec5daaf52f8742a9c3dd92123f3d2)



To unsubscribe from these emails, change your notification settings at 
https://github.com/OpenSIPS/opensips/settings/notifications

_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

[OpenSIPS-Devel] [OpenSIPS/opensips] 315b7c: cfg parser: Avoid unnecessary strlen on error case

Reply via email to