From 09ba6e48238c802eebff63b5e32809d7cb4d1c70 Mon Sep 17 00:00:00 2001 From: "Pedro F. Giffuni" Date: Thu, 28 Aug 2014 18:11:05 +0000 Subject: [PATCH] MFC r270256: Always check the limits of array index variables before using them. Obtained from: DragonFlyBSD --- bin/ed/cbc.c | 2 +- libexec/rtld-elf/libmap.c | 4 ++-- usr.bin/mail/edit.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/ed/cbc.c b/bin/ed/cbc.c index 31838f5e6663..80ed95a5ebf9 100644 --- a/bin/ed/cbc.c +++ b/bin/ed/cbc.c @@ -237,7 +237,7 @@ expand_des_key(char *obuf, char *kbuf) /* * now translate it, bombing on any illegal hex digit */ - for (i = 0; kbuf[i] && i < 16; i++) + for (i = 0; i < 16 && kbuf[i]; i++) if ((nbuf[i] = hex_to_binary((int) kbuf[i], 16)) == -1) des_error("bad hex digit in key"); while (i < 16) diff --git a/libexec/rtld-elf/libmap.c b/libexec/rtld-elf/libmap.c index 8b5faf889edf..691ad5206d0a 100644 --- a/libexec/rtld-elf/libmap.c +++ b/libexec/rtld-elf/libmap.c @@ -216,14 +216,14 @@ lmc_parse(char *lm_p, size_t lm_len) p = NULL; while (cnt < lm_len) { i = 0; - while (lm_p[cnt] != '\n' && cnt < lm_len && + while (cnt < lm_len && lm_p[cnt] != '\n' && i < sizeof(line) - 1) { line[i] = lm_p[cnt]; cnt++; i++; } line[i] = '\0'; - while (lm_p[cnt] != '\n' && cnt < lm_len) + while (cnt < lm_len && lm_p[cnt] != '\n') cnt++; /* skip over nl */ cnt++; diff --git a/usr.bin/mail/edit.c b/usr.bin/mail/edit.c index ad8aa535dec7..f9e974da20f7 100644 --- a/usr.bin/mail/edit.c +++ b/usr.bin/mail/edit.c @@ -81,7 +81,7 @@ edit1(int *msgvec, int type) /* * Deal with each message to be edited . . . */ - for (i = 0; msgvec[i] && i < msgCount; i++) { + for (i = 0; i < msgCount && msgvec[i]; i++) { sig_t sigint; if (i > 0) {