cmdline: check size of result buffer to avoid overflow

[libcmdline.git] / src / genconf / parse_confnode.c

diff --git a/src/genconf/parse_confnode.c b/src/genconf/parse_confnode.c
index 5c8202bdf99e694df64e31211e3fe0d6faf8050f..b25166fce817452eba009cadb92815838c7a973f 100644 (file)
--- a/src/genconf/parse_confnode.c
+++ b/src/genconf/parse_confnode.c
@@ -135,7 +135,8 @@ get_from_idx(struct confnode *n, unsigned int *cur, unsigned int idx,
 }
 
 int
-parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+               unsigned ressize)
 {
        struct token_conf_node *tk2 = (struct token_conf_node *)tk;
        struct token_conf_node_data *tkd = &tk2->conf_node_data;
@@ -144,6 +145,9 @@ parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
        unsigned int token_len = 0;
        char token[CMDLINE_MAX_TOKEN_SIZE];
 
+       if (res && ressize < sizeof(struct confnode *))
+               return -1;
+
        /* if token is too big... */
        token_len = snprintf(token, sizeof(token), "%s", buf);
        if (token_len >= sizeof(token))