From 633183b5d1c298e4335da841926efe96252057b3 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Fri, 5 Sep 2014 13:52:20 -0400 Subject: [PATCH] fix potential read past end of buffer in getnameinfo service name lookup if the loop stopped due to reaching the end of the string, the subsequent increment could possibly move the position one past the end of the buffer. no further writes happen, the reads cannot fault anyway unless the stack completely lacks any zero bytes, and reading junk should not yield an incorrect result from the function either. nonetheless the code was wrong and needs to be fixed. --- src/network/getnameinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/network/getnameinfo.c b/src/network/getnameinfo.c index 2ba66e33..3484fc69 100644 --- a/src/network/getnameinfo.c +++ b/src/network/getnameinfo.c @@ -96,7 +96,7 @@ static void reverse_services(char *buf, int port, int dgram) if ((p=strchr(line, '#'))) *p++='\n', *p=0; for (p=line; *p && !isspace(*p); p++); - if (!p) continue; + if (!*p) continue; *p++ = 0; svport = strtoul(p, &z, 10);