Mercurial Mercurial > sustaining > oi_151a > illumos-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
5378 CVE-2014-3158 ppp: integer overflow in option parsing
authorAlexander Pyhalov <apyhalov@gmail.com>
Thu, 30 Apr 2015 18:39:45 +0100
changeset 14273 6610e0950c09
parent 14272 37c368188711
child 14274 9313d2be2f5f
5378 CVE-2014-3158 ppp: integer overflow in option parsing
usr/src/cmd/cmd-inet/usr.bin/pppd/options.c file | annotate | diff | comparison | revisions 
--- a/usr/src/cmd/cmd-inet/usr.bin/pppd/options.c	Sun Dec 14 13:17:16 2014 +0000
+++ b/usr/src/cmd/cmd-inet/usr.bin/pppd/options.c	Thu Apr 30 18:39:45 2015 +0100
@@ -31,7 +31,6 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
 #define RCSID	"$Id: options.c,v 1.74 2000/04/15 01:27:13 masputra Exp $"
 
 #include <ctype.h>
@@ -1315,9 +1314,10 @@
 	    /*
 	     * Store the resulting character for the escape sequence.
 	     */
-	    if (len < MAXWORDLEN-1)
+	    if (len < MAXWORDLEN) {
 		word[len] = value;
-	    ++len;
+		++len;
+	    }
 
 	    if (!got)
 		c = getc(f);
@@ -1350,9 +1350,10 @@
 	/*
 	 * An ordinary character: store it in the word and get another.
 	 */
-	if (len < MAXWORDLEN-1)
+	if (len < MAXWORDLEN) {
 	    word[len] = c;
-	++len;
+	    ++len;
+	}
 
 	c = getc(f);
     }
sustaining/oi_151a/illumos-gate