prevent buffer overflow in dbpf

2020-06-22 13:23:26 +02:00
parent dec4fc30d9
commit 73b86d4921
1 changed files with 7 additions and 1 deletions
--- a/modules/database/src/ioc/db/dbTest.c
+++ b/modules/database/src/ioc/db/dbTest.c
@@ -399,12 +399,18 @@ long dbpf(const char *pname,const char *pvalue)
            for (n = 0; *p && n < addr.no_elements; n++) {
                char* c = array[n];
                while (isspace(*p)) p++;
+                pvalue = p;
                while (*p && !isspace(*p)) {
                    if (p[0] == '\\' && p[1]) p++;
+                    if (c >= array[n+1]-1) {
+                        printf("Value [%ld] %.*s too long\n", n, (int)(p-pvalue), pvalue);
+                        free(array);
+                        return -1;
+                    }
                    *c++=*p++;
                }
            }
-            pvalue = (void*)array;
+            pvalue = array[0];
        }
    }
    status = dbPutField(&addr, dbrType, pvalue, n);