matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ss: fix crash with invalid command input file 

If given an invalid input file with -F flag, ss would crash.
Examples of invalid input are line to long, or null file.

Found by fuzzing with ASAN.

Reported-by:Bug Basher <iamliketohack@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This commit is contained in:
Stephen Hemminger 2017-12-18 09:51:02 -08:00
parent ae8e1cb83b
commit 5073581835
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
misc/ssfilter.y
View File

@ -202,15 +202,23 @@ int yylex(void)
argc++;
} else if (yy_fp) {
while (tokptr == NULL) {
if (fgets(argbuf, sizeof(argbuf)-1, yy_fp) == NULL)
size_t len;
if (fgets(argbuf, sizeof(argbuf), yy_fp) == NULL)
return 0;
argbuf[sizeof(argbuf)-1] = 0;
if (strlen(argbuf) == sizeof(argbuf) - 1) {
fprintf(stderr, "Too long line in filter");
len = strnlen(argbuf, sizeof(argbuf));
if (len == 0) {
fprintf(stderr, "Invalid line\n");
exit(-1);
}
if (argbuf[strlen(argbuf)-1] == '\n')
argbuf[strlen(argbuf)-1] = 0;
if (len >= sizeof(argbuf) - 1) {
fprintf(stderr, "Too long line in filter\n");
exit(-1);
}
if (argbuf[len - 1] == '\n')
argbuf[len-1] = 0;
if (argbuf[0] == '#' || argbuf[0] == '0')
continue;
tokptr = argbuf;