jrossi / issue-migration-test


overflow in normalize_string #20

Closed jrossi closed 10 years ago

jrossi commented 10 years ago

Hi, can you fix the overflow in src/rootcheck/common.c -> normalize_string something like:

```c
char *normalize_string(char *str)
{
    int str_sz = strlen(str) -1;
    while(str[str_sz] == ' ' || str[str_sz] == '\t') {
        str[str_sz--] = '\0';
    }

    while(*str != '\0') {
        if(*str == ' ' || *str == '\t') {
            str++;
        } else {
            break;
        }
    }

    return(str);
}
```

Best regards

Note: This issue has been automatically migrated from Bitbucket Created by cgzones on 2012-09-20 21:02:52+00:00, last updated: 2012-10-09 23:25:20+00:00

jrossi commented 10 years ago

Thank you! This is fixed.

Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-09-21 19:46:23+00:00

jrossi commented 10 years ago

fixed with commit 55cce5145b3c

Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-09-21 19:47:45+00:00

jrossi commented 10 years ago

Hi, thanks for the quick response. I think my fix was incomplete: if an empty string is given (a string only containing ' ' and '\t') the first while loop reaches str[-1] (or am I wrong) (see https://bitbucket.org/cgzones/ossec-hids/src/94f6ac91228b/src/rootcheck/common.c)

Note: This comment has been automatically migrated from Bitbucket Created by cgzones on 2012-09-21 20:25:53+00:00
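The case raised in the comment above, as an added example that is not the project's code and not the content of the referenced commit: the trailing-trim loop proposed in the issue beside a bounded variant, both run over a constructed buffer that has a blank byte directly in front of the string. The names `normalize_unbounded`, `normalize_bounded`, `is_blank` and `clobbers_preceding_byte` are hypothetical.

```c
#include <string.h>

static int is_blank(char c) { return c == ' ' || c == '\t'; }

/* Trailing-trim loop as proposed in the issue: the index has no lower bound. */
char *normalize_unbounded(char *str)
{
    int str_sz = (int)strlen(str) - 1;
    while (str[str_sz] == ' ' || str[str_sz] == '\t') {
        str[str_sz--] = '\0';
    }
    while (is_blank(*str)) {
        str++;
    }
    return str;
}

/* Bounded variant (an assumption for illustration, not the project's commit). */
char *normalize_bounded(char *str)
{
    size_t len = strlen(str);
    while (len > 0 && is_blank(str[len - 1])) {
        str[--len] = '\0';
    }
    while (is_blank(*str)) {
        str++;
    }
    return str;
}

/* Constructed layout: [ 'X', ' ', <string...> ]. The string starts at
 * offset 2, so index -1 is the blank at offset 1 and index -2 is 'X',
 * which stops the unbounded loop while it is still inside the array.
 * Returns 1 if the byte in front of the string was overwritten. */
int clobbers_preceding_byte(char *(*fn)(char *), const char *input)
{
    char buf[32] = { 'X', ' ' };
    strncpy(buf + 2, input, sizeof(buf) - 3);
    fn(buf + 2);
    return buf[1] != ' ';
}

int main(void)
{
    /* Exit status 0 when only the unbounded loop touches the preceding byte. */
    return !(clobbers_preceding_byte(normalize_unbounded, " \t") &&
             !clobbers_preceding_byte(normalize_bounded, " \t"));
}
```

In real memory nothing guarantees a non-blank byte in front of the string, so the unbounded loop keeps walking backwards until it happens to meet one.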

jrossi commented 10 years ago

Completed the incomplete fix on normalize_string()

Note: This comment has been automatically migrated from Bitbucket Created by jbcheng on 2012-10-09 23:26:09+00:00