Fix: add safeguard for is_keyword in pwpolicy

When a string is shorter than used index and is protected memory than accessing it may trigger a SIGSEGV.
greenbone · Apr 7, 2022 · b35bb16 · b35bb16
1 parent ee3ea12
commit b35bb16
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/base/pwpolicy.c b/base/pwpolicy.c
@@ -137,19 +137,27 @@ policy_checking_failed (void)
 static char *
 is_keyword (char *string, const char *keyword)
 {
-  int n = strlen (keyword);
+  int idx, slen;
+  char *tmp;
+  idx = strlen (keyword);
+  slen = strlen (string);
 
-  if (!strncmp (string, keyword, n))
+  if (!strncmp (string, keyword, idx))
     {
-      if (string[n] == ':') /* Skip the optional colon. */
-        n++;
-      if (!string[n] || g_ascii_isspace (string[n]))
+      tmp = string + idx;
+      if (tmp - string >= slen)
+        return NULL;
+      // skip optional:
+      if (*tmp == ':')
+        tmp++;
+
+      for (; tmp - string < slen && g_ascii_isspace (*tmp); tmp++)
         {
-          string += n;
-          while (g_ascii_isspace (*string))
-            string++;
-          return string;
+          // skip whitespace
         }
+      // double check
+      if (tmp - string < slen)
+        return tmp;
     }
   return NULL;
 }