Fix vulnerability in rtfread.c:getNumber. Rewrote null pointer check in fileutils...
[oss/catdoc.git] / src / rtfread.c
index 9cb869b05a551c0b012af178c97e7d39c869aba4..af6be86183986317643093fde87f6d03e36be582 100644 (file)
@@ -103,6 +103,7 @@ RTFTypeMap rtf_types[]={
 
 #define RTFNAMEMAXLEN 32
 #define RTFARGSMAXLEN 64
+#define MAX_DIGITS_IN_NUMBER 10
 
 /**
  * Structure describing rtf command
@@ -367,9 +368,11 @@ signed long getNumber(FILE *f) {
        int c,count=0;
        char buf[RTFARGSMAXLEN];
        
-       while(isdigit(c=fgetc(f)) || c=='-') {
+       while((isdigit(c=fgetc(f)) || c=='-')) {
                if(feof(f))
                        return -1;
+               if (count > MAX_DIGITS_IN_NUMBER) 
+                       break;
                buf[count++]=(char)c;
        }
        ungetc(c,f);
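Review bot: The added guard `if (count > MAX_DIGITS_IN_NUMBER) break;` keeps the write inside `buf` only because MAX_DIGITS_IN_NUMBER (10) happens to be smaller than RTFARGSMAXLEN (64); nothing ties the limit to the buffer, and with `>` the loop stores 11 characters rather than 10. If the extra slot is meant for a sign, say so in a comment on the `#define`, and consider adding `|| count >= (int)sizeof(buf) - 1` to the guard so a later change to either constant cannot reintroduce the overflow. On the break path the digit just read is handed back by `ungetc(c,f)`, so the tail of an over-long number stays in the stream and is presumably parsed by the caller as ordinary text; consuming the remaining digits (or returning an error) would make the truncation explicit. The rest of getNumber, including termination and conversion of `buf`, lies outside this hunk.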