From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 16 Jan 2016 12:29:30 +0000 (+0000)
Subject: load_one_actions_file(): Prevent invalid read if the buffer is too short
X-Git-Tag: v_3_0_24~37
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=cd25f2f3e6faf2b5f46e01bf670d16364ed49d8f

load_one_actions_file(): Prevent invalid read if the buffer is too short

Found with afl-fuzz and AddressSanitizer.
---

diff --git a/actions.c b/actions.c
index a6854356..8e731387 100644
--- a/actions.c
+++ b/actions.c
@@ -1,4 +1,4 @@
-const char actions_rcs[] = "$Id: actions.c,v 1.92 2013/12/24 13:35:23 fabiankeil Exp $";
+const char actions_rcs[] = "$Id: actions.c,v 1.93 2015/08/12 10:33:13 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/actions.c,v $
@@ -1381,10 +1381,13 @@ static int load_one_actions_file(struct client_state *csp, int fileid)
              *
              * buf + 1 to skip the leading '{'
              */
-            actions_buf = strdup_or_die(buf + 1);
+            actions_buf = end = strdup_or_die(buf + 1);
 
             /* check we have a trailing } and then trim it */
-            end = actions_buf + strlen(actions_buf) - 1;
+            if (strlen(actions_buf))
+            {
+               end += strlen(actions_buf) - 1;
+            }
             if (*end != '}')
             {
                /* No closing } */