diff options
author | Kamil Dudka <kdudka@redhat.com> | 2013-05-03 22:57:18 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2013-05-06 15:00:10 +0200 |
commit | 2de20dd9a1c6ad4d576c60ab704c30abfc826b1a (patch) | |
tree | 3ed0155d793591c89ec6c03d2cb6f20181fde0c3 | |
parent | b47cf4f688297d9cf87a39c8aa328d9d07540e66 (diff) |
tool_getparam: ensure string termination in parse_cert_parameter()
-rw-r--r-- | src/tool_getparam.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 3fed3fb85..429f12bda 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -298,13 +298,13 @@ static void parse_cert_parameter(const char *cert_parameter, size_t span; const char *param_place = NULL; char *certname_place = NULL; + *certname = NULL; *passphrase = NULL; /* most trivial assumption: cert_parameter is empty */ - if(param_length == 0) { - *certname = NULL; + if(param_length == 0) return; - } + /* next less trivial: cert_parameter contains no colon nor backslash; this * means no passphrase was given and no characters escaped */ if(!strpbrk(cert_parameter, ":\\")) { @@ -312,16 +312,17 @@ static void parse_cert_parameter(const char *cert_parameter, return; } /* deal with escaped chars; find unescaped colon if it exists */ - *certname = (char *) malloc(param_length + 1); - param_place = cert_parameter; - certname_place = *certname; + certname_place = malloc(param_length + 1); + if(!certname_place) + return; + + *certname = certname_place; param_place = cert_parameter; while(*param_place) { span = strcspn(param_place, ":\\"); strncpy(certname_place, param_place, span); param_place += span; certname_place += span; - *certname_place = '\0'; /* we just ate all the non-special chars. now we're on either a special * char or the end of the string. */ switch(*param_place) { @@ -374,9 +375,11 @@ static void parse_cert_parameter(const char *cert_parameter, if(strlen(param_place) > 0) { *passphrase = strdup(param_place); } - return; + goto done; } } +done: + *certname_place = '\0'; } ParameterError getparameter(char *flag, /* f or -long-flag */ |