From: Kevin Day <thekevinday@gmail.com>
Date: Sat, 9 Jul 2022 22:19:55 +0000 (-0500)
Subject: Security: Invalid read when using -s/--settings in fake program.
X-Git-Tag: 0.6.0~78
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=922831b8494e71cffe2ef55e20e95275f1faaf6d;p=fll

Security: Invalid read when using -s/--settings in fake program.

The Featureless Make -s/--settings parameter handling code has a typoe where the wrong enumeration is used.
This results in an invalid read.
---

diff --git a/level_3/fake/c/private-fake.c b/level_3/fake/c/private-fake.c
index 171d7c9..30617ad 100644
--- a/level_3/fake/c/private-fake.c
+++ b/level_3/fake/c/private-fake.c
@@ -603,7 +603,7 @@ extern "C" {
 
       // If a custom --data or a custom --settings parameter is passed and uses an absolute or relative to current path, then do not check.
       if (data->main->parameters.array[fake_parameter_settings_e].result == f_console_result_additional_e) {
-        const f_array_length_t index = data->main->parameters.array[fake_parameter_fakefile_e].values.array[data->main->parameters.array[fake_parameter_fakefile_e].values.used - 1];
+        const f_array_length_t index = data->main->parameters.array[fake_parameter_settings_e].values.array[data->main->parameters.array[fake_parameter_settings_e].values.used - 1];
 
         if (f_path_is_absolute(data->main->parameters.arguments.array[index]) == F_true || f_path_is_relative_current(data->main->parameters.arguments.array[index]) == F_true) {
           parameters_required[1] = F_none;