From 813fd637a1e76f11daa488ee568059e4ddff35fb Mon Sep 17 00:00:00 2001
From: Michael Vetter <jubalh@iodoru.org>
Date: Tue, 21 Apr 2020 16:47:18 +0200
Subject: inp_readline() Correct slashguard feature

Protect against invalid reads by checking the length.
---
 src/ui/inputwin.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'src/ui')

diff --git a/src/ui/inputwin.c b/src/ui/inputwin.c
index 8362ee00..f3383986 100644
--- a/src/ui/inputwin.c
+++ b/src/ui/inputwin.c
@@ -197,10 +197,12 @@ inp_readline(void)
 
     if (inp_line) {
         if (!get_password && prefs_get_boolean(PREF_SLASH_GUARD)) {
-            char *res = (char*) memchr (inp_line+1, '/', 3);
-            if (res) {
-                cons_show("Your text contains a slash in the first 4 characters");
-                return NULL;
+            if (strlen(inp_line) > 1) {
+                char *res = (char*) memchr (inp_line+1, '/', 3);
+                if (res) {
+                    cons_show("Your text contains a slash in the first 4 characters");
+                    return NULL;
+                }
             }
         }
         return strdup(inp_line);
-- 
cgit 1.4.1-2-gfad0