skill: Do not scan past the null-terminator in check_proc().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
diff --git a/skill.c b/skill.c

index edc42053a57cec1f2b673c9a31e74b018b0cb407..3bc331f67d5f638f6de6d4c195b84d694789a745 100644 (file)
--- a/skill.c
+++ b/skill.c
@@ -209,8 +209,11 @@ static void check_proc(int pid, struct run_time_conf_t *run_time)
         *tmp++ = '\0';
         i = 5;
         while (i--)
-               while (*tmp++ != ' ')
-                       /* scan to find tty */ ;
+               do {
+                       if (!*tmp)
+                               goto closure;
+                       /* scan to find tty */
+               } while (*tmp++ != ' ');
         tty = atoi(tmp);
         if (ttys) {
                 i = tty_count;
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)