From 3184d0008b5522ac26d29a4cf6f3cf9534ccb1e2 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Thu, 13 Jun 2024 21:52:11 -0500
Subject: [PATCH] Security: Console parameter single short values array is too small. The short parameters "needs" variable now increases the array size before assignment. The following command line calls are used to expose the problem and its resolution: # fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-KISS' ASCII 'ASCII' BOM 'BOM' FSS 'FSS' KISS 'KISS' UTF-8 'UTF-8' URL 'URL' XML 'XML' -WWW character '' "" code '' '' italic '' ''
---
 level_0/f_console/c/console.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/level_0/f_console/c/console.c b/level_0/f_console/c/console.c
index c8a1cdb..960fbcf 100644
--- a/level_0/f_console/c/console.c
+++ b/level_0/f_console/c/console.c
@@ -438,6 +438,9 @@ extern "C" {
 parameters->array[i].location_sub = process.location_sub;
 parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++] = process.location_sub;
+ state->status = f_memory_array_increase_by(parameters->array[i].values_total, sizeof(f_number_unsigned_t), (void **) &process.needs.array, &process.needs.used, &process.needs.size);
+ if (F_status_is_error(state->status)) break;
+
 for (j = 0; j < parameters->array[i].values_total; ++j) {
 process.needs.array[process.needs.used++] = i;
 } // for
--
1.8.3.1
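Review bot: The append to `parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++]` two lines above the new reservation has the same write-then-increment shape as the `process.needs` loop this patch fixes, and no growth of `locations_sub` is visible in the hunk. The enclosing function starts and ends outside the hunk, so that reservation may already happen earlier; if it does not, the append needs its own `f_memory_array_increase_by()` call and status check before it. The added `if (F_status_is_error(state->status)) break;` leaves only the innermost loop, so the code after that loop presumably has to test `state->status` before it touches `process.needs` again. I would also put a comment above the new call, `// Reserve values_total slots first: the loop below appends to needs without a bounds check.`, so the reservation is not dropped in a later refactor.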