Skip to content

Commit fc0096a

Browse files
Amr-ShamsAmr-Shams
committed
[pgmoneta#983]admin: guard strtok() results when parsing users file
Signed-off-by: Amr-Shams <amr.shams2015.as@gmail.com>
1 parent a048521 commit fc0096a

1 file changed

Lines changed: 26 additions & 1 deletion

File tree

src/admin.c

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -665,6 +665,11 @@ add_user(char* users_path, char* username, char* password, bool generate_pwd, in
665665
while (fgets(line, sizeof(line), users_file))
666666
{
667667
ptr = strtok(line, ":");
668+
if (ptr == NULL)
669+
{
670+
warnx("invalid users file line while adding user");
671+
goto error;
672+
}
668673
if (!strcmp(username, ptr))
669674
{
670675
warnx("Existing user: %s", username);
@@ -994,6 +999,11 @@ update_user(char* users_path, char* username, char* password, bool generate_pwd,
994999
memcpy(&line_copy, &line, strlen(line));
9951000

9961001
ptr = strtok(line, ":");
1002+
if (ptr == NULL)
1003+
{
1004+
warnx("invalid users file line while updating user");
1005+
goto error;
1006+
}
9971007
if (!strcmp(username, ptr))
9981008
{
9991009
/* Password */
@@ -1317,6 +1327,11 @@ remove_user(char* users_path, char* username, int32_t output_format)
13171327
memcpy(&line_copy, &line, strlen(line));
13181328

13191329
ptr = strtok(line, ":");
1330+
if (ptr == NULL)
1331+
{
1332+
warnx("invalid users file line while removing user");
1333+
goto error;
1334+
}
13201335
if (!strcmp(username, ptr))
13211336
{
13221337
found = true;
@@ -1439,6 +1454,11 @@ list_users(char* users_path, int32_t output_format)
14391454
while (fgets(line, sizeof(line), users_file))
14401455
{
14411456
ptr = strtok(line, ":");
1457+
if (ptr == NULL)
1458+
{
1459+
warnx("skipping malformed users file line while listing users");
1460+
continue;
1461+
}
14421462
if (strchr(ptr, '\n'))
14431463
{
14441464
continue;
@@ -1573,6 +1593,11 @@ create_response(char* users_path, struct json* json, struct json** response)
15731593
while (fgets(line, sizeof(line), users_file))
15741594
{
15751595
ptr = strtok(line, ":");
1596+
if (ptr == NULL)
1597+
{
1598+
warnx("skipping malformed users file line while creating response");
1599+
continue;
1600+
}
15761601
if (strchr(ptr, '\n'))
15771602
{
15781603
continue;
@@ -1591,4 +1616,4 @@ create_response(char* users_path, struct json* json, struct json** response)
15911616
pgmoneta_json_destroy(r);
15921617

15931618
return 1;
1594-
}
1619+
}

0 commit comments

Comments
 (0)