author Michael Brown <mcb30@ipxe.org> 2020-06-05 10:01:19 +0100
committer Michael Brown <mcb30@ipxe.org> 2020-06-05 10:01:19 +0100
commit 6a6def775db00a88fa800ea4d08e6519539dacde (patch)
tree 38c893486d1ebfbc2b22f127a2e1b08729d7e8a4 /src/core
parent ac28bbb7ea3a1c88aa47c086e92fab78a75c351d (diff)
[uri] Avoid appearing to access final byte of a potentially empty string
The URI parsing code for "host[:port]" checks that the final character is not ']' in order to allow for IPv6 literals. If the entire "host[:port]" portion of the URL is an empty string, then this will access the preceding character.

This does not result in accessing invalid memory (since the string is guaranteed by construction to always have a preceding character) and does not result in incorrect behaviour (since if the string is empty then strrchr() is guaranteed to return NULL), but it does make the code confusing to read.

Fix by inverting the order of the two tests.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/core')
-rw-r--r-- src/core/uri.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/core/uri.c b/src/core/uri.c
index 73ad2b2..e9e512a 100644
--- a/src/core/uri.c
+++ b/src/core/uri.c
@@ -413,8 +413,8 @@ struct uri * parse_uri ( const char *uri_string ) {
}
/* Split host into host[:port] */
- if ( ( uri->host[ strlen ( uri->host ) - 1 ] != ']' ) &&
- ( tmp = strrchr ( uri->host, ':' ) ) ) {
+ if ( ( tmp = strrchr ( uri->host, ':' ) ) &&
+ ( uri->host[ strlen ( uri->host ) - 1 ] != ']' ) ) {
*(tmp++) = '\0';
uri->port = tmp;
}
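Review bot: the `strlen ( uri->host ) - 1` index on the second line of the new condition is still out of range for an empty host whenever it is evaluated, so its safety now rests entirely on the `strrchr()` test coming first, and the unchanged comment `/* Split host into host[:port] */` does not say so. Consider extending that comment to note that a non-NULL `strrchr()` result is what guarantees a non-empty string before the final-character check, so a later tidy-up does not swap the operands back.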