inp_readline() Correct slashguard feature

Protect against invalid reads by checking the length.
author: Michael Vetter <jubalh@iodoru.org> 2020-04-21 16:47:18 +0200
committer: Michael Vetter <jubalh@iodoru.org> 2020-04-21 16:47:18 +0200
commit: 813fd637a1e76f11daa488ee568059e4ddff35fb (patch)
tree: 4a2595a646de287844c7bbdcf8222fd79bc91271 /src/ui
parent: f27bd927312f4c4778bc33ab371b755c3719eeb9 (diff)
download: profani-tty-813fd637a1e76f11daa488ee568059e4ddff35fb.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/src/ui/inputwin.c b/src/ui/inputwin.c
index 8362ee00..f3383986 100644
--- a/src/ui/inputwin.c
+++ b/src/ui/inputwin.c
@@ -197,10 +197,12 @@ inp_readline(void)
 
     if (inp_line) {
         if (!get_password && prefs_get_boolean(PREF_SLASH_GUARD)) {
-            char *res = (char*) memchr (inp_line+1, '/', 3);
-            if (res) {
-                cons_show("Your text contains a slash in the first 4 characters");
-                return NULL;
+            if (strlen(inp_line) > 1) {
+                char *res = (char*) memchr (inp_line+1, '/', 3);
+                if (res) {
+                    cons_show("Your text contains a slash in the first 4 characters");
+                    return NULL;
+                }
             }
         }
         return strdup(inp_line);
author	Michael Vetter <jubalh@iodoru.org>	2020-04-21 16:47:18 +0200
committer	Michael Vetter <jubalh@iodoru.org>	2020-04-21 16:47:18 +0200
commit	813fd637a1e76f11daa488ee568059e4ddff35fb (patch)
tree	4a2595a646de287844c7bbdcf8222fd79bc91271 /src/ui
parent	f27bd927312f4c4778bc33ab371b755c3719eeb9 (diff)
download	profani-tty-813fd637a1e76f11daa488ee568059e4ddff35fb.tar.gz