From 89ee3aeaf40f46c3851ff1f71b8b71813380ceb1 Mon Sep 17 00:00:00 2001 From: martijn <> Date: Wed, 14 Aug 2019 04:48:13 +0000 Subject: [PATCH] Make sure that ber in ber_scanf_elements is not NULL before parsing format where ber is utilized. This also allows us to remove the ber->be_next check, which can cause weird behaviour, because a NULL be_next would result in parsing the last element twice. OK claudio@ on previous version OK rob@ --- src/lib/libutil/ber.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/libutil/ber.c b/src/lib/libutil/ber.c index 4fb4e7ba..f38d95b9 100644 --- a/src/lib/libutil/ber.c +++ b/src/lib/libutil/ber.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ber.c,v 1.11 2019/08/05 12:38:14 martijn Exp $ */ +/* $OpenBSD: ber.c,v 1.12 2019/08/14 04:48:13 martijn Exp $ */ /* * Copyright (c) 2007, 2012 Reyk Floeter @@ -684,6 +684,8 @@ ber_scanf_elements(struct ber_element *ber, char *fmt, ...) va_start(ap, fmt); while (*fmt) { + if (ber == NULL && *fmt != '}' && *fmt != ')') + goto fail; switch (*fmt++) { case 'B': ptr = va_arg(ap, void **); @@ -788,8 +790,6 @@ ber_scanf_elements(struct ber_element *ber, char *fmt, ...) goto fail; } - if (ber->be_next == NULL) - continue; ber = ber->be_next; } va_end(ap);