Control: tags -1 confirmed
On 2021-05-10 22:35:28, Anton Gladky wrote:
> Control: tags -1 -moreinfo
>
> Hi Sebastian,
>
> Thanks for looking into this issue. Yes, it is intentional. We should always
> check whether first_raw is NULL or not.
Then please go ahead.
Cheers
>
> I have reproduced the issue in the CI-pipeline [1], and the proposed patch
> fixes
> the issue [2]: no more segfault, just an error message due to exploit.
>
> [1] https://salsa.debian.org/science-team/libgetdata/-/jobs/1631525
> [2] https://salsa.debian.org/science-team/libgetdata/-/jobs/1633848
>
> Anton
>
>
> Am Mo., 10. Mai 2021 um 22:27 Uhr schrieb Sebastian Ramacher <
> sramacher@debian.org>:
> <skip>
>
> > > +--- libgetdata-0.10.0.orig/src/parse.c
> > > ++++ libgetdata-0.10.0/src/parse.c
> > > +@@ -2504,6 +2504,9 @@ char *_GD_ParseFragment(FILE *restrict f
> > > + if (D->error == GD_E_OK && !match)
> > > + first_raw = _GD_ParseFieldSpec(D, p, n_cols, in_cols,
> > strlen(in_cols[0]),
> > > + NULL, me, 0, 1, &outstring, tok_pos);
> > > ++ if (first_raw == NULL) {
> > > ++ _GD_SetError(D, GD_E_BAD_DIRFILE, GD_E_ENTRY_TYPE, NULL, 0,
> > NULL);
> > > ++ }
> >
> > Is it intentional that newly addeded if is evaluated in any case or is
> > this patch missing curly brackets for the body of "if (D->error =
> > GD_E_OK && !match)"?
> >
--
Sebastian Ramacher