From 7bf3f5b7c2c0a0e6456420602c5cc4f839d56d22 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Thu, 21 Jul 2022 19:01:21 -0500 Subject: [PATCH] Security: Invalid read when processing an empty fakefile. The check should be a greater than or equal to rather than a greater than. The code really shouldn't get here anyway. Do not continue processing if fakefile is empty. --- level_3/fake/c/private-make-operate.c | 8 +++++++- level_3/fake/c/private-make-operate.h | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/level_3/fake/c/private-make-operate.c b/level_3/fake/c/private-make-operate.c index b713c00..483e523 100644 --- a/level_3/fake/c/private-make-operate.c +++ b/level_3/fake/c/private-make-operate.c @@ -80,6 +80,12 @@ extern "C" { return status; } + if (!data_make.buffer.used) { + fake_make_data_delete(&data_make); + + return F_data_not; + } + if (data_make.setting_make.fail == fake_make_operation_fail_type_exit_e) { data_make.error.prefix = fl_print_error_s; data_make.error.suffix = f_string_empty_s; @@ -1111,7 +1117,7 @@ extern "C" { if (F_status_is_error(*status) || *status == F_child) return data_make->data->main->child; - if (id_section > data_make->fakefile.used) { + if (id_section >= data_make->fakefile.used) { *status = F_status_set_error(F_parameter); fll_error_print(data_make->error, F_parameter, "fake_make_operate_section", F_true); diff --git a/level_3/fake/c/private-make-operate.h b/level_3/fake/c/private-make-operate.h index f22bb87..1785514 100644 --- a/level_3/fake/c/private-make-operate.h +++ b/level_3/fake/c/private-make-operate.h @@ -23,6 +23,7 @@ extern "C" { * * @return * F_none on success. + * F_data_not on success but fakefile is empty. * * F_interrupt (with error bit) on receiving a terminate process signal, such as an interrupt signal. * -- 1.8.3.1