
Commit 8cf591a

committed
Fixed off-by-one buffer overflow bug; exploit might be possible. Also added checks for nullptrs on internal interfaces.
1 parent 3b439a6 commit 8cf591a


1 file changed

+26
-10
lines changed

1 file changed

+26
-10
lines changed

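--- a/csv.h
+++ b/csv.h
@@ -74,8 +74,12 @@ namespace io{
 }
 
 void set_file_name(const char*file_name){
-std::strncpy(this->file_name, file_name, max_file_name_length);
-this->file_name[max_file_name_length] = '\0';
+if(file_name != nullptr){
+strncpy(this->file_name, file_name, error::max_file_name_length);
+this->file_name[error::max_file_name_length] = '\0';
+}else{
+this->file_name[0] = '\0';
+}
 }
 
 char file_name[max_file_name_length+1];
@@ -417,8 +421,12 @@ namespace io{
 }
 
 void set_file_name(const char*file_name){
-strncpy(this->file_name, file_name, error::max_file_name_length);
-this->file_name[error::max_file_name_length] = '\0';
+if(file_name != nullptr){
+strncpy(this->file_name, file_name, error::max_file_name_length);
+this->file_name[error::max_file_name_length] = '\0';
+}else{
+this->file_name[0] = '\0';
+}
 }
 
 const char*get_truncated_file_name()const{
@@ -498,8 +506,12 @@ namespace io{
 }
 
 void set_column_name(const char*column_name){
-std::strncpy(this->column_name, column_name, max_column_name_length);
-this->column_name[max_column_name_length] = '\0';
+if(column_name != nullptr){
+std::strncpy(this->column_name, column_name, max_column_name_length);
+this->column_name[max_column_name_length] = '\0';
+}else{
+this->column_name[0] = '\0';
+}
 }
 
 char column_name[max_column_name_length+1];
@@ -514,8 +526,12 @@ namespace io{
 }
 
 void set_column_content(const char*column_content){
-std::strncpy(this->column_content, column_content, max_column_content_length);
-this->column_content[max_column_content_length] = '\0';
+if(column_content != nullptr){
+std::strncpy(this->column_content, column_content, max_column_content_length);
+this->column_content[max_column_content_length] = '\0';
+}else{
+this->column_content[0] = '\0';
+}
 }
 
 char column_content[max_column_content_length+1];
@@ -683,9 +699,9 @@ namespace io{
 
 public:
 static void trim(char*&str_begin, char*&str_end){
-while(is_trim_char(*str_begin, trim_char_list...) && str_begin != str_end)
+while(str_begin != str_end && is_trim_char(*str_begin, trim_char_list...))
 ++str_begin;
-while(is_trim_char(*(str_end-1), trim_char_list...) && str_begin != str_end)
+while(str_begin != str_end && is_trim_char(*(str_end-1), trim_char_list...))
 --str_end;
 *str_end = '\0';
 }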
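Review bot: In the second `set_file_name` (hunk `@@ -417,8 +421,12 @@`) the terminator is still written at index `error::max_file_name_length`, but that class's `file_name` member is declared outside the hunk, so nothing visible here guarantees the array has `error::max_file_name_length+1` elements the way the declarations in the other three setter hunks do. A `static_assert(sizeof(file_name) == error::max_file_name_length+1, "file_name needs room for the terminator");` next to that member declaration would pin the invariant the setter depends on. Separately, the first hunk replaces `std::strncpy` with unqualified `strncpy` (matching the second hunk), while `set_column_name` and `set_column_content` keep `std::strncpy`; `<cstring>` only guarantees the `std::` name, so `std::strncpy` in all four setters is the safer and more consistent spelling. The enclosing classes begin and end outside every hunk shown.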
