parse: perform stringops on stack bufferspace as to avoid overruns

2011-07-26 19:26:56 -05:00 · 2011-07-26 19:26:56 -05:00 · 0142cc68d4
parent 045257bebe
commit 0142cc68d4
1 changed files with 27 additions and 10 deletions
--- a/parse.c
+++ b/parse.c
@ -174,12 +174,16 @@ parse_deplist(pkg_t *pkg, const char *depends)
 	pkg_dependency_t *deplist = NULL;
 	pkg_dependency_t *deplist_head = NULL;
 	pkg_comparator_t compare = PKG_ANY;
+	char buf[BUFSIZ];
 	char *kvdepends = strdup_parse(pkg, depends);
-	char *start = kvdepends;
-	char *ptr = kvdepends;
+	char *start = buf;
+	char *ptr = buf;
 	char *vstart = NULL;
 	char *package, *version;

+	strncpy(buf, kvdepends, BUFSIZ);
+	free(kvdepends);
+
 	while (*ptr)
 	{
 		switch (state)
@ -235,9 +239,17 @@ parse_deplist(pkg_t *pkg, const char *depends)
 				if (deplist_head == NULL)
 					deplist_head = deplist;

-				free(package);
-				package = NULL;
-				version = NULL;
+				if (package != NULL)
+				{
+					free(package);
+					package = NULL;
+				}
+
+				if (version != NULL)
+				{
+					free(version);
+					version = NULL;
+				}
 			}

 			break;
@ -276,11 +288,17 @@ parse_deplist(pkg_t *pkg, const char *depends)
 				if (deplist_head == NULL)
 					deplist_head = deplist;

-				free(package);
-				package = NULL;
+				if (package != NULL)
+				{
+					free(package);
+					package = NULL;
+				}

-				free(version);
-				version = NULL;
+				if (version != NULL)
+				{
+					free(version);
+					version = NULL;
+				}
 			}

 			if (state == OUTSIDE_MODULE)
@ -291,7 +309,6 @@ parse_deplist(pkg_t *pkg, const char *depends)
 		ptr++;
 	}

-	free(kvdepends);
 	return deplist_head;
 }