From f0f5bb6cbd8f32f420f177409bde9e318ca53865 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Thu, 13 Jun 2024 21:53:39 -0500
Subject: [PATCH] Security: Console parameter single short values array is too small. The short parameters "needs" variable now increases the array size before assignment. The following command line calls are used to expose the problem and its resolution: # fss_basic_list_read specifications/fss.txt +Q -cn "Featureless Settings Specifications" | iki_read +Q -w -rrrrrrrr anti-KISS 'anti-KISS' ASCII 'ASCII' BOM 'BOM' FSS 'FSS' KISS 'KISS' UTF-8 'UTF-8' URL 'URL' XML 'XML' -WWW character '' "" code '' '' italic '' ''
---
 level_0/f_console/c/console.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/level_0/f_console/c/console.c b/level_0/f_console/c/console.c
index 5212773..2c2592c 100644
--- a/level_0/f_console/c/console.c
+++ b/level_0/f_console/c/console.c
@@ -305,6 +305,9 @@ extern "C" {
 parameters->array[i].location_sub = location_sub;
 parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++] = location_sub;
+ status = f_array_lengths_increase_by(parameters->array[i].values_total, &needs);
+ if (F_status_is_error(status)) break;
+
 for (j = 0; j < parameters->array[i].values_total; ++j) {
 needs.array[needs.used++] = i;
 } // for
--
1.8.3.1
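Review bot: The context line directly above the added call, `parameters->array[i].locations_sub.array[parameters->array[i].locations_sub.used++] = location_sub;`, is the same write-at-`used++` pattern this commit hardens for `needs`, and nothing in the hunk shows its capacity being ensured first. If `locations_sub` is not grown earlier in the function (which starts outside this hunk), it needs the same increase-before-write treatment. The new `break` on `F_status_is_error(status)` leaves the enclosing loop, also outside the hunk, after `location_sub` and `locations_sub.used` were already updated for this parameter, so confirm that the code after the loop returns `status` unchanged rather than continuing with a half-recorded parameter. A short comment on the added call, e.g. `// Each short parameter may need values_total entries in needs, so grow the array before the loop writes them.`, would record why the growth must precede the loop. The command from the commit message is worth keeping as a regression test.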