curl-library
[PATCH 5/8] tool_getparam: ensure string termination in parse_cert_parameter()
From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 3 May 2013 23:32:51 +0200
Date: Fri, 3 May 2013 23:32:51 +0200
---
src/tool_getparam.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 06bffeb..3c8145b 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -299,13 +299,13 @@ static void parse_cert_parameter(const char *cert_parameter,
size_t span;
const char *param_place = NULL;
char *certname_place = NULL;
+ *certname = NULL;
*passphrase = NULL;
/* most trivial assumption: cert_parameter is empty */
- if(param_length == 0) {
- *certname = NULL;
+ if(param_length == 0)
return;
- }
+
/* next less trivial: cert_parameter contains no colon nor backslash; this
* means no passphrase was given and no characters escaped */
if(!strpbrk(cert_parameter, ":\\")) {
@@ -313,9 +313,12 @@ static void parse_cert_parameter(const char *cert_parameter,
return;
}
/* deal with escaped chars; find unescaped colon if it exists */
- *certname = (char *) malloc(param_length + 1);
- param_place = cert_parameter;
- certname_place = *certname;
+ certname_place = malloc(param_length + 1);
+ if(!certname_place)
+ return;
+
+ *certname_place = '\0';
+ *certname = certname_place;
param_place = cert_parameter;
while(*param_place) {
span = strcspn(param_place, ":\\");
--
1.7.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-03