mirror of
https://github.com/Unidata/netcdf-c.git
synced 2024-11-27 07:30:33 +08:00
Fix stack buffer overflow in nc4_check_name()
nc4_check_name() checks that the provided string doesn't exceed NC_MAX_NAME, but fails to do so after calling nc_utf8_normalize(). This extra check is needed since a caller of nc4_check_name(), like NC4_def_dim, allocates norm_name as char norm_name[NC_MAX_NAME + 1] Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2840 Credit to OSS-Fuzz
This commit is contained in:
parent
d18378c69b
commit
1989ddc252
@ -102,6 +102,11 @@ nc4_check_name(const char *name, char *norm_name)
|
|||||||
retval = nc_utf8_normalize((const unsigned char *)name,(unsigned char**)&temp);
|
retval = nc_utf8_normalize((const unsigned char *)name,(unsigned char**)&temp);
|
||||||
if(retval != NC_NOERR)
|
if(retval != NC_NOERR)
|
||||||
return retval;
|
return retval;
|
||||||
|
if( strlen(temp) > NC_MAX_NAME )
|
||||||
|
{
|
||||||
|
free(temp);
|
||||||
|
return NC_EMAXNAME;
|
||||||
|
}
|
||||||
strcpy(norm_name, temp);
|
strcpy(norm_name, temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user