From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
From: Rolf Eike Beer <eike@sf-mail.de>
Date: Tue, 12 May 2020 20:06:38 +0200
Subject: [PATCH 2/4] fix possible signed integer overflow in commands() (CVE-2005-1514)

Fix it as suggested by the Qualys Security Advisory team.
---
 commands.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/commands.c b/commands.c
index b0d3f61..90a50c9 100644
--- a/commands.c
+++ b/commands.c
@@ -10,16 +10,17 @@ int commands(ss,c)
 substdio *ss;
 struct commands *c;
 {
-  int i;
+  unsigned int i;
   char *arg;
 
   for (;;) {
     if (!stralloc_copys(&cmd,"")) return -1;
 
     for (;;) {
+      int j;
       if (!stralloc_readyplus(&cmd,1)) return -1;
-      i = substdio_get(ss,cmd.s + cmd.len,1);
-      if (i != 1) return i;
+      j = substdio_get(ss,cmd.s + cmd.len,1);
+      if (j != 1) return j;
       if (cmd.s[cmd.len] == '\n') break;
       ++cmd.len;
     }
-- 
2.26.1
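Review bot: The reason `i` becomes `unsigned int` is not stated in the hunk, and the uses it actually protects (the later index arithmetic on `cmd.s`, presumably where `i` is written back as a position into the command line) lie outside it, so a maintainer reading only this declaration could plausibly revert it to `int`. A comment at the new declaration would pin the invariant, e.g. `unsigned int i; /* index into cmd.s: must have cmd.len's type, a signed int wraps negative once the line exceeds INT_MAX bytes (CVE-2005-1514) */`. The split into `j` for the `substdio_get()` return is correct, since that call can return a negative error value that must not be compared or returned through an unsigned variable. Note that the inner read loop still accepts a line of any length, so this change removes the out-of-bounds write but leaves memory growth of `cmd` to whatever resource limits the process runs under; that residual risk is worth a comment or a reference to the companion patches. The body of commands() continues past the end of the hunk.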