Fix a buffer overrun.

getln() returns 'len' valid characters. line[len] is out of bounds. Reported by: CHERI Reviewed by: brooks Obtained from: CheriBSD MFC after: 2 weeks Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D26197
2020-09-01 16:20:42 +00:00 · 2020-09-01 16:20:42 +00:00 · ff38047b0c
commit ff38047b0c
parent 2b33ffde2e
1 changed files with 3 additions and 3 deletions
--- a/lib/libc/tests/resolv/resolv_test.c
+++ b/lib/libc/tests/resolv/resolv_test.c
@ -76,15 +76,15 @@ load(const char *fname)
 	if ((fp = fopen(fname, "r")) == NULL)
 	ATF_REQUIRE(fp != NULL);
 	while ((line = fgetln(fp, &len)) != NULL) {
-		char c = line[len];
+		char c = line[len - 1];
 		char *ptr;
-		line[len] = '\0';
+		line[len - 1] = '\0';
 		for (ptr = strtok(line, WS); ptr; ptr = strtok(NULL, WS)) {
 			if (ptr == '\0' || ptr[0] == '#')
 				continue;
 			sl_add(hosts, strdup(ptr));
 		}
-		line[len] = c;
+		line[len - 1] = c;
 	}

 	(void)fclose(fp);