From b3773d09ea08234a1e0205ecb66733dda067c1ea Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Sat, 3 Nov 2018 19:25:15 +0100 Subject: Only parse arguments if index actually is numeric Signed-off-by: David Oberhollenzer --- lib/libcfg/rdline.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/libcfg/rdline.c b/lib/libcfg/rdline.c index 3c3fcb3..b532def 100644 --- a/lib/libcfg/rdline.c +++ b/lib/libcfg/rdline.c @@ -84,15 +84,16 @@ static int normalize_line(rdline_t *t) } else if (c == '%') { *(dst++) = c; c = *(src++); - if (c != '%' && !isdigit(c)) { + if (isdigit(c)) { + if ((c - '0') >= t->argc) { + errstr = "argument out of range"; + goto fail; + } + ret += strlen(t->argv[c - '0']); + } else if (c != '%') { errstr = "expected digit after '%%'"; goto fail; } - if (isdigit(c) && (c - '0') >= t->argc) { - errstr = "argument out of range"; - goto fail; - } - ret += strlen(t->argv[c - '0']); } else if (string && c == '\\' && *src != '\0') { *(dst++) = c; c = *(src++); -- cgit v1.2.3