cherry-pick.1.4.0-18-gd7b9552.fix-segfault-in-pptpctrl-argument-parser.patch 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960
  1. Subject: Fix segfault in pptpctrl argument parser
  2. Origin: upstream, 1.4.0-18-gd7b9552
  3. Upstream-Author: Christoph Biedl <sourceforge.bnwi@manchmal.in-ulm.de>
  4. Date: Fri Jul 8 14:03:18 2016 +1000
  5. it's easily possible to trigger a segfault in pptpctrl:
  6. This happened when triggering a bug in pptpmanager I am currently
  7. working on. The check for (argc < 7) isn't sufficient, my suggested
  8. fix adds a check to any GETARG_* invocation.
  9. Signed-off-by: James Cameron <quozl@laptop.org>
  10. --- a/pptpctrl.c
  11. +++ b/pptpctrl.c
  12. @@ -92,19 +92,29 @@
  13. #define OUR_NB_MODE O_NDELAY
  14. #endif
  15. +void usage()
  16. +{
  17. + fprintf(stderr, "pptpctrl: insufficient arguments, see man pptpctrl\n");
  18. + exit(2);
  19. +}
  20. +
  21. /* read a command line argument, a flag alone */
  22. #define GETARG_INT(X) \
  23. + if (arg >= argc) usage() ; \
  24. X = atoi(argv[arg++])
  25. /* read a command line argument, a string alone */
  26. #define GETARG_STRING(X) \
  27. + if (arg >= argc) usage() ; \
  28. X = strdup(argv[arg++])
  29. /* read a command line argument, a presence flag followed by string */
  30. #define GETARG_VALUE(X) \
  31. - if(atoi(argv[arg++]) != 0) \
  32. + if (arg >= argc) usage() ; \
  33. + if (atoi(argv[arg++]) != 0) { \
  34. + if (arg >= argc) usage() ; \
  35. strlcpy(X, argv[arg++], sizeof(X)); \
  36. - else \
  37. + } else \
  38. *X = '\0'
  39. int main(int argc, char **argv)
  40. @@ -122,10 +132,8 @@
  41. gargv = argv;
  42. /* fail if argument count invalid */
  43. - if (argc < 7) {
  44. - fprintf(stderr, "pptpctrl: insufficient arguments, see man pptpctrl\n");
  45. - exit(2);
  46. - }
  47. + if (argc < 7)
  48. + usage();
  49. /* open a connection to the syslog daemon */
  50. openlog("pptpd", LOG_PID, PPTP_FACILITY);