Fixed: crash on invalid configuration file

Fixed: memory corruptions on config parsing
2026-02-25 13:42:25 +08:00 · 2026-01-28 19:40:58 +03:00 · 2026-01-28 19:13:41 +03:00
2 changed files with 15 additions and 9 deletions
--- a/src/conf.c
+++ b/src/conf.c
@ -105,6 +105,10 @@ unsigned char * dologname (unsigned char *buf, unsigned char *name, const unsign
 	struct tm *ts;
 	ts = localtime(&t);
 	if(strlen((char *)name) >= 4096){
 	    *buf = 0;
 	    return buf;
 	}
 	if(strchr((char *)name, '%')){
 		struct clientparam fakecli;
@ -905,7 +909,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 		if(argc > 0 && strcmp("*", (char *)argv[0])) {
 			arg = argv[0];
 			arg = (unsigned char *)strtok((char *)arg, ",");
-			do {
+			if(arg) do {
 				if(!acl->users) {
 					acl->users = userl = myalloc(sizeof(struct userlist));
 				}
@ -924,7 +928,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 		}
 		if(argc > 1  && strcmp("*", (char *)argv[1])) {
 			arg = (unsigned char *)strtok((char *)argv[1], ",");
-			do {
+			if(arg) do {
 				if(!acl->src) {
 					acl->src = ipl = myalloc(sizeof(struct iplist));
 				}
@ -945,7 +949,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 		}
 		if(argc > 2 && strcmp("*", (char *)argv[2])) {
 			arg = (unsigned char *)strtok((char *)argv[2], ",");
-			do {
+			if(arg) do {
 			 int arglen;
 			 unsigned char *pattern;
 			 struct iplist tmpip={NULL};
@ -1002,7 +1006,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 		}
 		if(argc > 3 && strcmp("*", (char *)argv[3])) {
 			arg = (unsigned char *)strtok((char *)argv[3], ",");
-			do {
+			if(arg) do {
 				if(!acl->ports) {
 					acl->ports = portl = myalloc(sizeof(struct portlist));
 				}
@ -1025,7 +1029,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 		}
 		if(argc > 4 && strcmp("*", (char *)argv[4])) {
 			arg = (unsigned char *)strtok((char *)argv[4], ",");	
-			do {
+			if(arg) do {
 				if(!strcmp((char *)arg, "CONNECT")){
 					acl->operation |= CONNECT;
 				}
@ -1682,7 +1686,7 @@ int parsestr (unsigned char *str, unsigned char **argm, int nitems, unsigned cha
 	 }
         switch(*str){
 		case '\0': 
-			if(comment) return -1;
+			if(comment || incbegin) return -1;
 			argm[argc] = 0;
 			return argc;
 		case '$':
@ -1709,14 +1713,14 @@ int parsestr (unsigned char *str, unsigned char **argm, int nitems, unsigned cha
 					argc--;
 					if((fd = open((char *)incbegin+1, O_RDONLY)) <= 0){
 						fprintf(stderr, "Failed to open %s\n", incbegin+1);
-						break;
+						return -1;
 					}
 					if((*bufsize - *inbuf) <STRINGBUF){
 						*bufsize += STRINGBUF;
 						if(!(buf = myrealloc(buf, *bufsize))){
 							fprintf(stderr, "Failed to allocate memory for %s\n", incbegin+1);
 							close(fd);
-							break;
+							return -1;
 						}
 					}
 					len = 0;
@ -1727,7 +1731,7 @@ int parsestr (unsigned char *str, unsigned char **argm, int nitems, unsigned cha
 					if((res = read(fd, buf+*inbuf+len, STRINGBUF-(1+len))) <= 0) {
 						perror((char *)incbegin+1);
 						close(fd);
-						break;
+						return -1;
 					}
 					close(fd);
 					buf[*inbuf+res+len] = 0;
--- a/src/log.c
+++ b/src/log.c
@ -300,6 +300,8 @@ int dobuf2(struct clientparam * param, unsigned char * buf, const unsigned char
 						break;
 					}
 				case 0:
 				 j--;
 				default:
 				 buf[i++] = format[j];
 			}
Author	SHA1	Message	Date
Vladimir Dubrovin	12c9039ea4	Fixed: crash on invalid configuration file Some checks failed C/C++ CI / ${{ matrix.target }} (macos-15) (push) Has been cancelled Details C/C++ CI / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Has been cancelled Details C/C++ CI / ${{ matrix.target }} (ubuntu-latest) (push) Has been cancelled Details C/C++ CI / ${{ matrix.target }} (windows-2022) (push) Has been cancelled Details	2026-01-28 19:40:58 +03:00
Vladimir Dubrovin	1a970c5c98	Fixed: memory corruptions on config parsing	2026-01-28 19:13:41 +03:00