If validateascii is passed a string containing only non-zero 7bit
values, then the loop with exit with i == len, and the following
test will access beyond the end of the array.
So add an extra test to fix this.
Found by Marcus Meissner <[email protected]>.
Signed-off-by: NeilBrown <[email protected]>
diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
index 355c6e1..6b5971c 100644
--- a/utils/idmapd/idmapd.c
+++ b/utils/idmapd/idmapd.c
@@ -848,7 +848,7 @@ validateascii(char *string, u_int32_t len)
return (-1);
}
- if (string[i] != '\0')
+ if ((i >= len) || string[i] != '\0')
return (-1);
return (i + 1);