cmdline: check size of result buffer to avoid overflow

[libcmdline.git] / src / genconf / parse_confnode.c

diff --git a/src/genconf/parse_confnode.c b/src/genconf/parse_confnode.c
index b4da9dd..b25166f 100644 (file)
--- a/src/genconf/parse_confnode.c
+++ b/src/genconf/parse_confnode.c
@@ -135,27 +135,24 @@ get_from_idx(struct confnode *n, unsigned int *cur, unsigned int idx,
 }
 
 int
-parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
+parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res,
+               unsigned ressize)
 {
        struct token_conf_node *tk2 = (struct token_conf_node *)tk;
        struct token_conf_node_data *tkd = &tk2->conf_node_data;
        struct confnode *n;
        struct confnode_list l;
        unsigned int token_len = 0;
-       char token[BUFSIZ];
+       char token[CMDLINE_MAX_TOKEN_SIZE];
 
-       if (*buf == 0)
+       if (res && ressize < sizeof(struct confnode *))
                return -1;
 
-       while(!cmdline_isendoftoken(buf[token_len]))
-               token_len++;
-
-       if (token_len > sizeof(token) - 1)
+       /* if token is too big... */
+       token_len = snprintf(token, sizeof(token), "%s", buf);
+       if (token_len >= sizeof(token))
                return -1;
 
-       memcpy(token, buf, token_len);
-       token[token_len] = '\0';
-
        TAILQ_INIT(&l);
 
        /* absolute path */
@@ -181,7 +178,7 @@ parse_conf_node(cmdline_parse_token_hdr_t *tk, const char *buf, void *res)
        if (res)
                *(struct confnode **)res = TAILQ_FIRST(&l);
 
-        return token_len;
+       return token_len;
 }
 
 int complete_get_nb_conf_node(cmdline_parse_token_hdr_t *tk)