[Asterisk-code-review] func_env: Prevent FILE() from reading garbage at end-of-file (asterisk[master])

Friendly Automation asteriskteam at digium.com
Mon Nov 18 12:38:43 CST 2019 

Friendly Automation has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/13201 )

Change subject: func_env: Prevent FILE() from reading garbage at end-of-file
......................................................................

func_env: Prevent FILE() from reading garbage at end-of-file

If the last line of a file does not have a terminating EOL sequence, we
potentially add garbage to the value returned from the FILE() function.

There is no overflow potential here as we are reading from a buffer of a
known size, we are just reading too much of it.

ASTERISK-26481 #close

Change-Id: I50dd4fcf416fb3c83150040a1a79a59d9eb1ae01
---
M funcs/func_env.c
1 file changed, 3 insertions(+), 2 deletions(-)

Approvals:
  George Joseph: Looks good to me, approved
  Friendly Automation: Approved for Submit



diff --git a/funcs/func_env.c b/funcs/func_env.c
index 861adeb..e625853 100644
--- a/funcs/func_env.c
+++ b/funcs/func_env.c
@@ -709,12 +709,13 @@
 		ast_debug(3, "offset=%" PRId64 ", length=%" PRId64 ", offset_offset=%" PRId64 ", length_offset=%" PRId64 "\n", offset, length, offset_offset, length_offset);
 		for (i = offset_offset; i < flength; i += sizeof(fbuf)) {
 			char *pos;
-			if (fread(fbuf, 1, sizeof(fbuf), ff) < sizeof(fbuf) && !feof(ff)) {
+			size_t bytes_read;
+			if ((bytes_read = fread(fbuf, 1, sizeof(fbuf), ff)) < sizeof(fbuf) && !feof(ff)) {
 				ast_log(LOG_ERROR, "Short read?!!\n");
 				fclose(ff);
 				return -1;
 			}
-			for (pos = fbuf; pos < fbuf + sizeof(fbuf); pos++) {
+			for (pos = fbuf; pos < fbuf + bytes_read; pos++) {
 				LINE_COUNTER(pos, format, current_length);
 
 				if (current_length == length) {

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13201
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I50dd4fcf416fb3c83150040a1a79a59d9eb1ae01
Gerrit-Change-Number: 13201
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20191118/4a083d8b/attachment.html>

More information about the asterisk-code-review mailing list