diff mbox series

ss: fix crash with invalid command input file

Message ID 20171218175221.26449-1-stephen@networkplumber.org
State Accepted, archived
Delegated to: stephen hemminger
Headers show
Series ss: fix crash with invalid command input file | expand

Commit Message

Stephen Hemminger Dec. 18, 2017, 5:52 p.m. UTC 
If given an invalid input file with -F flag, ss would crash.
Examples of invalid input are line to long, or null file.

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
---
 misc/ssfilter.y | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/misc/ssfilter.y b/misc/ssfilter.y
index ba82b65f712b..4db3c95faa3c 100644
--- a/misc/ssfilter.y
+++ b/misc/ssfilter.y
@@ -202,15 +202,23 @@  int yylex(void)
 				argc++;
 			} else if (yy_fp) {
 				while (tokptr == NULL) {
-					if (fgets(argbuf, sizeof(argbuf)-1, yy_fp) == NULL)
+					size_t len;
+
+					if (fgets(argbuf, sizeof(argbuf), yy_fp) == NULL)
 						return 0;
-					argbuf[sizeof(argbuf)-1] = 0;
-					if (strlen(argbuf) == sizeof(argbuf) - 1) {
-						fprintf(stderr, "Too long line in filter");
+
+					len = strnlen(argbuf, sizeof(argbuf));
+					if (len == 0) {
+						fprintf(stderr, "Invalid line\n");
+						exit(-1);
+					}
+
+					if (len >= sizeof(argbuf) - 1) {
+						fprintf(stderr, "Too long line in filter\n");
 						exit(-1);
 					}
-					if (argbuf[strlen(argbuf)-1] == '\n')
-						argbuf[strlen(argbuf)-1] = 0;
+					if (argbuf[len - 1] == '\n')
+						argbuf[len-1] = 0;
 					if (argbuf[0] == '#' || argbuf[0] == '0')
 						continue;
 					tokptr = argbuf;