From: Kevin Day <Kevin@kevux.org>
Date: Fri, 14 Jun 2024 02:53:39 +0000 (-0500)
Subject: Security: Console parameter single short values array is too small.
X-Git-Tag: 0.6.11~40
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=f0f5bb6cbd8f32f420f177409bde9e318ca53865;p=fll

Security: Console parameter single short values array is too small.

The short parameters "needs" variable now increases the array size before assignment.

The following command line calls are used to expose the problem and its resolution:
  # fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-<abbr title="Keep It Simple Stupid">KISS</abbr>' ASCII '<abbr title="American Standard Code for Information Interchange">ASCII</abbr>' BOM '<abbr title="Byte Order Mark">BOM</abbr>' FSS '<abbr title="Featureless Settings Specifications">FSS</abbr>' KISS '<abbr title="Keep It Simple Stupid">KISS</abbr>' UTF-8 '<abbr title="Unicode Transformation Format 8-bit">UTF-8</abbr>' URL '<abbr title="Byte Order Mark">URL</abbr>' XML '<abbr title="Extensible Markup Language">XML</abbr>' -WWW character '<code class="code">' "</code>" code '<code class="code">' '</code>' italic '<em class="em">' '</em>'
---

diff --git a/level_0/f_console/c/console.c b/level_0/f_console/c/console.c
index 5212773..2c2592c 100644
--- a/level_0/f_console/c/console.c
+++ b/level_0/f_console/c/console.c
@@ -305,6 +305,9 @@ extern "C" {
               parameters->array[i].location_sub = location_sub;
               parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++] = location_sub;
 
+              status = f_array_lengths_increase_by(parameters->array[i].values_total, &needs);
+              if (F_status_is_error(status)) break;
+
               for (j = 0; j < parameters->array[i].values_total; ++j) {
                 needs.array[needs.used++] = i;
               } // for