...
|
...
|
@@ -122,6 +122,12 @@ cl_error_t cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, cons
|
122
|
122
|
return CL_EMALFDB;
|
123
|
123
|
}
|
124
|
124
|
|
|
125
|
+ if (ref_subsigid > MAX_LDB_SUBSIGS) {
|
|
126
|
+ cli_errmsg("cli_bcomp_addpatt: while byte compare subsig parsing, reference subigid exceeded limits on max LDB subsigs\n");
|
|
127
|
+ cli_bcomp_freemeta(root, bcomp);
|
|
128
|
+ return CL_EMALFDB;
|
|
129
|
+ }
|
|
130
|
+
|
125
|
131
|
bcomp->ref_subsigid = ref_subsigid;
|
126
|
132
|
|
127
|
133
|
/* use the passed hexsig buffer to find the start and ending parens and store the param length (minus starting paren) */
|
...
|
...
|
@@ -479,7 +485,7 @@ cl_error_t cli_bcomp_scanbuf(const unsigned char *buffer, size_t buffer_length,
|
479
|
479
|
if (bcomp->lsigid[0]) {
|
480
|
480
|
|
481
|
481
|
subsigid = cli_calloc(3, sizeof(char));
|
482
|
|
- sprintf(subsigid, "%hu", bcomp->ref_subsigid);
|
|
482
|
+ snprintf(subsigid, 3, "%hu", bcomp->ref_subsigid);
|
483
|
483
|
|
484
|
484
|
/* verify the ref_subsigid */
|
485
|
485
|
if (cli_ac_chklsig(subsigid, subsigid + strlen(subsigid),
|