Module Name:    src
Committed By:   christos
Date:           Sun Nov 25 16:21:05 UTC 2018

Modified Files:
        src/lib/libedit: read.c

Log Message:
From Yuichiro Naito (FreeBSD):

hrs@ says that
(cbp >= MB_LEN_MAX) condition is necessary for checking invalid
byte sequences.  If malicious input was given, libedit would read
byte sequences forever.


To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.105 src/lib/libedit/read.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libedit/read.c
diff -u src/lib/libedit/read.c:1.104 src/lib/libedit/read.c:1.105
--- src/lib/libedit/read.c:1.104	Sun Nov 18 12:09:39 2018
+++ src/lib/libedit/read.c	Sun Nov 25 11:21:04 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $	*/
+/*	$NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)read.c	8.1 (Berkeley) 6/4/93";
 #else
-__RCSID("$NetBSD: read.c,v 1.104 2018/11/18 17:09:39 christos Exp $");
+__RCSID("$NetBSD: read.c,v 1.105 2018/11/25 16:21:04 christos Exp $");
 #endif
 #endif /* not lint && not SCCSID */
 
@@ -335,6 +335,11 @@ read_char(EditLine *el, wchar_t *cp)
 				goto again;
 			}
 		case (size_t)-2:
+			if (cbp >= MB_LEN_MAX) {
+				errno = EILSEQ;
+				*cp = L'\0';
+				return -1;
+			}
 			/* Incomplete sequence, read another byte. */
 			goto again;
 		default:
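Review bot: The new guard under `case (size_t)-2:` carries no comment saying why `MB_LEN_MAX` is the limit or what the caller gets back, and the existing `/* Incomplete sequence, read another byte. */` comment now describes only the fall-through path. I would add above the `if` something like `/* No valid character is longer than MB_LEN_MAX bytes; fail with EILSEQ instead of reading more. */`. If `cbp` also indexes a fixed-size byte buffer (its declaration is outside the hunk, so this is inferred), the same check is what keeps the next one-byte read in bounds, and the comment should say so to stop the guard being dropped in a later cleanup. This path returns -1 while the preceding case retries with `goto again`, so callers presumably see over-long input as a read error rather than a skipped byte; it is worth confirming they handle `EILSEQ` gracefully. read_char's body starts and ends outside the hunk.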
