From e3ad1a3f7c6a947971dc7b84e6eaec9cae91536c Mon Sep 17 00:00:00 2001
From: Marko Kreen <markokr@gmail.com>
Date: Sat, 11 Aug 2007 12:29:53 +0000
Subject: [PATCH] more robust quote_literal()

---
 src/varcache.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/varcache.c b/src/varcache.c
index 46fd882..6b7b790 100644
--- a/src/varcache.c
+++ b/src/varcache.c
@@ -74,23 +74,29 @@ static bool is_std_quote(VarCache *vars)
 	return strcasecmp(val, "on") == 0;
 }
 
-static void quote_literal(char *buf, int buflen, const char *src, bool std_quote)
+static bool quote_literal(char *buf, int buflen, const char *src, bool std_quote)
 {
 	char *dst = buf;
+	char *end = buf + buflen - 2;
 
-	Assert(buflen > 32);
+	if (buflen < 3)
+		return false;
 
-	/* quote value */
 	*dst++ = '\'';
-	while (*src && (dst < buf + buflen - 2)) {
+	while (*src && dst < end) {
 		if (*src == '\'')
 			*dst++ = '\'';
 		else if (!std_quote && *src == '\\')
 			*dst++ = '\\';
 		*dst++ = *src++;
 	}
+	if (*src || dst > end)
+		return false;
+
 	*dst++ = '\'';
 	*dst = 0;
+
+	return true;
 }
 
 static int apply_var(PktBuf *pkt, const char *key,
@@ -105,7 +111,8 @@ static int apply_var(PktBuf *pkt, const char *key,
 		return 0;
 
 	/* the string may have been taken from startup pkt */
-	quote_literal(qbuf, sizeof(qbuf), cval, std_quote);
+	if (!quote_literal(qbuf, sizeof(qbuf), cval, std_quote))
+		return 0;
 
 	len = snprintf(buf, sizeof(buf), "SET %s=%s;", key, qbuf);
 	if (len < sizeof(buf)) {
-- 
2.50.1