From cd6e82a79269e29177eb8b0a9dc7936ec5bce69d Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Tue, 22 Nov 2022 19:43:16 -0600 Subject: [PATCH] Security: Invalid access when calling fake without 'make' or 'build'. This is caused by the F_data_not return result not being processed in some of the fl_fss functions. Additional changes: - Make the return status constant. - The status is being returned regardless in some cases so remove the effectively redundant lines of code. - Combined the additional if condition blocks together. --- level_1/fl_fss/c/fss/basic.c | 4 ++-- level_1/fl_fss/c/fss/extended.c | 12 ++---------- level_1/fl_fss/c/private-fss.c | 25 +++++++------------------ 3 files changed, 11 insertions(+), 30 deletions(-) diff --git a/level_1/fl_fss/c/fss/basic.c b/level_1/fl_fss/c/fss/basic.c index d081b3d..610848e 100644 --- a/level_1/fl_fss/c/fss/basic.c +++ b/level_1/fl_fss/c/fss/basic.c @@ -133,9 +133,9 @@ extern "C" { const f_array_length_t delimits_used = delimits->used; - f_status_t status = private_fl_fss_basic_read(buffer, F_true, state, range, found, quote, delimits); + const f_status_t status = private_fl_fss_basic_read(buffer, F_true, state, range, found, quote, delimits); - if (F_status_is_error(status)) { + if (F_status_is_error(status) || status == F_fss_found_object_not || status == F_data_not || status == F_data_not_eos || status == F_data_not_stop) { delimits->used = delimits_used; } diff --git a/level_1/fl_fss/c/fss/extended.c b/level_1/fl_fss/c/fss/extended.c index 48be121..d762420 100644 --- a/level_1/fl_fss/c/fss/extended.c +++ b/level_1/fl_fss/c/fss/extended.c @@ -185,18 +185,10 @@ extern "C" { const f_array_length_t delimits_used = delimits->used; - f_status_t status = private_fl_fss_basic_read(buffer, F_true, state, range, found, quoted, delimits); + const f_status_t status = private_fl_fss_basic_read(buffer, F_true, state, range, found, quoted, delimits); - if (F_status_is_error(status)) { + if (F_status_is_error(status) || status == F_fss_found_object_not || status == F_data_not || status == F_data_not_eos || status == F_data_not_stop) { delimits->used = delimits_used; - - return status; - } - - if (status == F_fss_found_object_not || status == F_data_not || status == F_data_not_eos || status == F_data_not_stop) { - delimits->used = delimits_used; - - return status; } return status; diff --git a/level_1/fl_fss/c/private-fss.c b/level_1/fl_fss/c/private-fss.c index fb138b9..f027405 100644 --- a/level_1/fl_fss/c/private-fss.c +++ b/level_1/fl_fss/c/private-fss.c @@ -136,13 +136,9 @@ extern "C" { return F_fss_found_object_not; } - if (status == F_none_eos) { - return F_data_not_eos; - } - - if (status == F_none_stop) { - return F_data_not_stop; - } + if (status == F_none_eos) return F_data_not_eos; + if (status == F_none_stop) return F_data_not_stop; + if (status == F_data_not) return status; // Begin the search. found->start = range->start; @@ -704,17 +700,10 @@ extern "C" { f_status_t status = f_fss_skip_past_space(state, object, range); if (F_status_is_error(status)) return status; - if (status == F_none_eos) { - return F_data_not_eos; - } - - if (status == F_none_stop) { - return F_data_not_stop; - } - - if (status == F_none_eol) { - return F_status_set_error(F_none_eol); - } + if (status == F_none_eos) return F_data_not_eos; + if (status == F_none_stop) return F_data_not_stop; + if (status == F_none_eol) return F_status_set_error(F_none_eol); + if (status == F_data_not) return status; // Ensure that there is room for the potential start and stop quotes, a potential delimit at start, and the potential object open character. status = f_string_dynamic_increase_by(5, destination); -- 1.8.3.1