mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code

Properly validate index value received from CDDB server.

Browse Source 
ok deraadt@, millert@
This commit is contained in:
tobias 2014-01-04 15:39:17 +00:00
parent f54c1ecd6e
commit 61dbd8aa4e
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
usr.bin/cdio/cddb.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: cddb.c,v 1.17 2013/03/07 16:54:28 espie Exp $ */
/* $OpenBSD: cddb.c,v 1.18 2014/01/04 15:39:17 tobias Exp $ */
/*
* Copyright (c) 2002 Marc Espie.
*
@ -345,7 +345,7 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
if (!line)
goto end2;
for (;;) {
long k;
int k;
char *end;
line = get_line(cin);
@ -356,10 +356,12 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
if (strncmp(line, "TTITLE", 6) != 0)
continue;
line += 6;
k = strtol(line, &end, 10);
if (*end++ != '=')
end = strchr(line, '=');
if (end == NULL)
continue;
if (k >= n)
*end++ = '\0';
k = strtonum(line, 0, n - 1, &errstr);
if (errstr != NULL)
continue;
safe_copy(&result[k], end);
}