diff options
author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-04-05 14:36:31 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2015-04-05 14:40:10 +0200 |
commit | 5fb265eaa725928b59b44aa9bfe8959256014ba1 (patch) | |
tree | 8b583430fe6b7598beac1cd855dca0c2d20793b8 /src/ctrl | |
parent | 4e0543f730b255849305787ecce89867e89f40f8 (diff) |
ctrl: Avoid accessing cmd_desc->command out of bounds
We check that the amount of commands is not more than
we have but we don't check it the other way. It appears
that the vector is allowed to be bigger than the amount
of commands. So we match a prefix of a longer command
depending on the installation order.
Diffstat (limited to 'src/ctrl')
-rw-r--r-- | src/ctrl/control_cmd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ctrl/control_cmd.c b/src/ctrl/control_cmd.c index 4e156b81..3dbcf8f6 100644 --- a/src/ctrl/control_cmd.c +++ b/src/ctrl/control_cmd.c @@ -86,7 +86,7 @@ static struct ctrl_cmd_element *ctrl_cmd_get_element_match(vector vline, vector cmd_desc = &cmd_el->strcmd; if (cmd_desc->nr_commands > vector_active(vline)) continue; - for (j =0; j < vector_active(vline); j++) { + for (j =0; j < vector_active(vline) && j < cmd_desc->nr_commands; j++) { str = vector_slot(vline, j); desc = cmd_desc->command[j]; if (desc[0] == '*') |