From: Kevin Day Date: Fri, 18 Feb 2022 04:11:06 +0000 (-0600) Subject: Security: Executed program string is not NULL terminated. X-Git-Tag: 0.5.8~32 X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=c2e3a78aa303e8b0df7afa15e830f11b716eb93b;p=fll Security: Executed program string is not NULL terminated. While the FLL code doesn't need NULL termination, the C/POSIX execute functions are. The lack of a NULL terminated results in an invalid read on execute.
---
diff --git a/level_3/controller/c/entry/private-entry.c b/level_3/controller/c/entry/private-entry.c
index 572568e..f4928ee 100644
--- a/level_3/controller/c/entry/private-entry.c
+++ b/level_3/controller/c/entry/private-entry.c
@@ -391,18 +391,26 @@ extern "C" {
 action->parameters.array[j].used = 0;
- status = f_string_dynamic_partial_append_nulless(cache->buffer_file, cache->content_actions.array[i].array[j], &action->parameters.array[j]);
+ if (cache->content_actions.array[i].array[j].start > cache->content_actions.array[i].array[j].stop) continue;
- if (F_status_is_error(status)) {
- controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "f_string_dynamic_partial_append_nulless", F_true, global.thread);
+ status = f_string_dynamic_increase_by((cache->content_actions.array[i].array[j].stop - cache->content_actions.array[i].array[j].start) + 1, &action->parameters.array[j]);
- action->status = status;
+ if (F_status_is_error(status)) {
+ controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "f_string_dynamic_increase_by", F_true, global.thread);
+ }
+ else {
+ status = f_string_dynamic_partial_append_nulless(cache->buffer_file, cache->content_actions.array[i].array[j], &action->parameters.array[j]);
- if (F_status_is_error_not(status_action)) {
- status_action = status;
+ if (F_status_is_error(status)) {
+ controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "f_string_dynamic_partial_append_nulless", F_true, global.thread);
 }
+ else {
+ status = f_string_dynamic_terminate_after(&action->parameters.array[j]);
- break;
+ if (F_status_is_error(status)) {
+ controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "f_string_dynamic_partial_append_nulless", F_true, global.thread);
+ }
+ }
 }
 ++action->parameters.used;
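Review bot: All three error branches now only print, because the removed `action->status = status;`, the `status_action` update and the `break;` are not restored anywhere in this hunk. After a failed `f_string_dynamic_increase_by`, append or `f_string_dynamic_terminate_after`, execution still reaches `++action->parameters.used;`. Unless `status` is checked again outside the hunk (the enclosing loop is not visible here), a parameter that never received its terminating NUL is counted as valid and may still be handed to the execute path, which is the invalid read this commit sets out to close. The error print for the terminate call also names `"f_string_dynamic_partial_append_nulless"` rather than `"f_string_dynamic_terminate_after"`, which will mislead anyone triaging a failure. I would record the failure once after the chain and stop, as the pre-patch code did.

```c
// … unchanged: f_string_dynamic_increase_by and f_string_dynamic_partial_append_nulless branches …
status = f_string_dynamic_terminate_after(&action->parameters.array[j]);

if (F_status_is_error(status)) {
  controller_entry_print_error(is_entry, global.main->error, cache->action, F_status_set_fine(status), "f_string_dynamic_terminate_after", F_true, global.thread);
}
// … unchanged: closing braces of both else blocks …

// Record the failure and stop, as the pre-patch code did, so a parameter
// without its terminating NUL is never counted as used.
if (F_status_is_error(status)) {
  action->status = status;

  if (F_status_is_error_not(status_action)) {
    status_action = status;
  }

  break;
}

++action->parameters.used;
```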