From: Simon Tatham Date: Tue, 10 Nov 2015 18:49:09 +0000 (+0000) Subject: Fix an out-of-bounds read in fgetline(). X-Git-Tag: 0.68~324 X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=5815d6a65af992881f5462097c9320f3a4716e0c;hp=fa7b23ce9025daba08e86bb934fc430099792b9a;p=PuTTY.git Fix an out-of-bounds read in fgetline(). Forgot that a zero-length string might have come back from fgets. Thanks to Hanno Böck for spotting this, with the aid of AFL. --- diff --git a/misc.c b/misc.c index 618ca297..0ce3d366 100644 --- a/misc.c +++ b/misc.c @@ -460,7 +460,7 @@ char *fgetline(FILE *fp) int size = 512, len = 0; while (fgets(ret + len, size - len, fp)) { len += strlen(ret + len); - if (ret[len-1] == '\n') + if (len > 0 && ret[len-1] == '\n') break; /* got a newline, we're done */ size = len + 512; ret = sresize(ret, size, char);
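Review bot: The new `len > 0` test in the `if` inside the `while (fgets(...))` loop stops the read of `ret[len-1]` at index -1, but nothing in the code says when `len` can still be 0 at that point, and a one-line comment there would help the next reader. With `size - len` equal to 512 on every pass, fgets returns non-NULL only after storing at least one character, so a zero-length result means the data it read began with a NUL byte and `len += strlen(ret + len)` added nothing. The guard does not change what happens next in that case, or for a NUL embedded later in a chunk: whatever fgets stored after the NUL (possibly including the newline) is not counted, and the following fgets call writes over it starting at `ret + len`, so input containing NUL bytes is silently truncated and adjacent lines can be joined. If that is acceptable for the files fgetline() is used on, state it in the comment; otherwise consider tracking the number of bytes read by a means other than strlen.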