Security: Console parameter single short values array is too small.

The short parameters "needs" variable now increases the array size before assignment.

The following command line calls are used to expose the problem and its resolution:
  # fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-<abbr title="Keep It Simple Stupid">KISS</abbr>' ASCII '<abbr title="American Standard Code for Information Interchange">ASCII</abbr>' BOM '<abbr title="Byte Order Mark">BOM</abbr>' FSS '<abbr title="Featureless Settings Specifications">FSS</abbr>' KISS '<abbr title="Keep It Simple Stupid">KISS</abbr>' UTF-8 '<abbr title="Unicode Transformation Format 8-bit">UTF-8</abbr>' URL '<abbr title="Byte Order Mark">URL</abbr>' XML '<abbr title="Extensible Markup Language">XML</abbr>' -WWW character '<code class="code">' "</code>" code '<code class="code">' '</code>' italic '<em class="em">' '</em>'

diff --git a/level_0/f_console/c/console.c b/level_0/f_console/c/console.c
index c8a1cdbb182a28b816bb46673d8916ee903ffb97..960fbcf991c8f67cfb0caca3a0b85c1133b17912 100644 (file)
--- a/level_0/f_console/c/console.c
+++ b/level_0/f_console/c/console.c
@@ -438,6 +438,9 @@ extern "C" {
                 parameters->array[i].location_sub = process.location_sub;
                 parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++] = process.location_sub;
 
+                state->status = f_memory_array_increase_by(parameters->array[i].values_total, sizeof(f_number_unsigned_t), (void **) &process.needs.array, &process.needs.used, &process.needs.size);
+                if (F_status_is_error(state->status)) break;
+
                 for (j = 0; j < parameters->array[i].values_total; ++j) {
                   process.needs.array[process.needs.used++] = i;
                 } // for