mirror of
https://github.com/Unidata/netcdf-c.git
synced 2024-11-21 03:13:42 +08:00
Fix stack buffer overflow in nc4_check_name()
nc4_check_name() checks that the provided string doesn't exceed NC_MAX_NAME, but fails to do so after calling nc_utf8_normalize(). This extra check is needed since a caller of nc4_check_name(), like NC4_def_dim, allocates norm_name as char norm_name[NC_MAX_NAME + 1] Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2840 Credit to OSS-Fuzz
This commit is contained in:
parent
d18378c69b
commit
1989ddc252
@ -102,6 +102,11 @@ nc4_check_name(const char *name, char *norm_name)
|
||||
retval = nc_utf8_normalize((const unsigned char *)name,(unsigned char**)&temp);
|
||||
if(retval != NC_NOERR)
|
||||
return retval;
|
||||
if( strlen(temp) > NC_MAX_NAME )
|
||||
{
|
||||
free(temp);
|
||||
return NC_EMAXNAME;
|
||||
}
|
||||
strcpy(norm_name, temp);
|
||||
free(temp);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user