From: Kevin Day <kevin@kevux.org>
Date: Thu, 9 May 2024 01:51:11 +0000 (-0500)
Subject: Security: Potential buffer overflow on 0 length array.
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=aaca6af87fffdee45529af3dc444d5733916e1a1;p=controller

Security: Potential buffer overflow on 0 length array.

The length_name_item variable can potentially be zero.
The assignment of "name_item[length_name_item] = 0;" will then result in an assignment on a 0 length array.

This issue has been exposed via GCC's -fanalyzer.
---

diff --git a/sources/c/main/rule/setting.c b/sources/c/main/rule/setting.c
index d7086a0..a717c8d 100644
--- a/sources/c/main/rule/setting.c
+++ b/sources/c/main/rule/setting.c
@@ -40,7 +40,7 @@ extern "C" {
     const f_number_unsigned_t line_item = cache->action.line_item;
     const f_number_unsigned_t length_name_item = cache->action.name_item.used;
 
-    f_char_t name_item[length_name_item];
+    f_char_t name_item[length_name_item + 1];
     name_item[length_name_item] = 0;
 
     memcpy(name_item, cache->action.name_item.string, sizeof(f_char_t) * length_name_item);