123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- Subject: Fix segfault in pptpctrl argument parser
- Origin: upstream, 1.4.0-18-gd7b9552
- Upstream-Author: Christoph Biedl <sourceforge.bnwi@manchmal.in-ulm.de>
- Date: Fri Jul 8 14:03:18 2016 +1000
- it's easily possible to trigger a segfault in pptpctrl:
-
- This happened when triggering a bug in pptpmanager I am currently
- working on. The check for (argc < 7) isn't sufficient, my suggested
- fix adds a check to any GETARG_* invocation.
-
- Signed-off-by: James Cameron <quozl@laptop.org>
- --- a/pptpctrl.c
- +++ b/pptpctrl.c
- @@ -92,19 +92,29 @@
- #define OUR_NB_MODE O_NDELAY
- #endif
-
- +void usage()
- +{
- + fprintf(stderr, "pptpctrl: insufficient arguments, see man pptpctrl\n");
- + exit(2);
- +}
- +
- /* read a command line argument, a flag alone */
- #define GETARG_INT(X) \
- + if (arg >= argc) usage() ; \
- X = atoi(argv[arg++])
-
- /* read a command line argument, a string alone */
- #define GETARG_STRING(X) \
- + if (arg >= argc) usage() ; \
- X = strdup(argv[arg++])
-
- /* read a command line argument, a presence flag followed by string */
- #define GETARG_VALUE(X) \
- - if(atoi(argv[arg++]) != 0) \
- + if (arg >= argc) usage() ; \
- + if (atoi(argv[arg++]) != 0) { \
- + if (arg >= argc) usage() ; \
- strlcpy(X, argv[arg++], sizeof(X)); \
- - else \
- + } else \
- *X = '\0'
-
- int main(int argc, char **argv)
- @@ -122,10 +132,8 @@
- gargv = argv;
-
- /* fail if argument count invalid */
- - if (argc < 7) {
- - fprintf(stderr, "pptpctrl: insufficient arguments, see man pptpctrl\n");
- - exit(2);
- - }
- + if (argc < 7)
- + usage();
-
- /* open a connection to the syslog daemon */
- openlog("pptpd", LOG_PID, PPTP_FACILITY);
|