authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-04-05 14:36:31 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2015-04-05 14:40:10 +0200
ctrl: Avoid accessing cmd_desc->command out of bounds
We check that the amount of commands is not more than we have but we don't check it the other way. It appears that the vector is allowed to be bigger than the amount of commands. So we match a prefix of a longer command depending on the installation order.
@@ -86,7 +86,7 @@ static struct ctrl_cmd_element *ctrl_cmd_get_element_match(vector vline, vector
cmd_desc = &cmd_el->strcmd;
if (cmd_desc->nr_commands > vector_active(vline))
- for (j =0; j < vector_active(vline); j++) {
+ for (j =0; j < vector_active(vline) && j < cmd_desc->nr_commands; j++) {
str = vector_slot(vline, j);
desc = cmd_desc->command[j];
if (desc[0] == '*')