dovecot-2.2: lib: Fixed potential read buffer overflow in JSON p...

dovecot at dovecot.org dovecot at dovecot.org
Thu Jun 19 09:33:10 UTC 2014


details:   http://hg.dovecot.org/dovecot-2.2/rev/07456a200816
changeset: 17505:07456a200816
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Jun 19 12:31:55 2014 +0300
description:
lib: Fixed potential read buffer overflow in JSON parser.

diffstat:

 src/lib/json-parser.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (14 lines):

diff -r b6733f4777f1 -r 07456a200816 src/lib/json-parser.c
--- a/src/lib/json-parser.c	Mon Jun 16 19:52:11 2014 +0300
+++ b/src/lib/json-parser.c	Thu Jun 19 12:31:55 2014 +0300
@@ -203,7 +203,9 @@
 		if (*parser->data != '\\')
 			str_append_c(parser->value, *parser->data);
 		else {
-			switch (*++parser->data) {
+			if (++parser->data == parser->end)
+				return 0;
+			switch (*parser->data) {
 			case '"':
 			case '\\':
 			case '/':
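Review bot: The new early return at `if (++parser->data == parser->end)` fires only after the pointer has already stepped past the backslash, and nothing in the hunk says what returning 0 means at this point. If 0 signals "need more input" and the caller resumes from the current `parser->data` rather than restarting the string, the byte that arrives next would be appended as an ordinary character instead of being decoded as an escape. Please confirm the caller rewinds on a 0 return, or test `parser->data + 1 == parser->end` before incrementing so the backslash is seen again on resume. A one-line comment on the return (escape sequence incomplete at end of buffer) and a regression test whose input ends right after a `\` inside a string would make the intent checkable.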

