From dca72a4c778cbe55975508ebce22db2105c26ee0 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer <david.oberhollenzer@tele2.at>
Date: Wed, 11 Apr 2018 15:05:59 +0200
Subject: Do not allow embedding null-bytes into a string

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
---
 lib/src/unescape.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib')

diff --git a/lib/src/unescape.c b/lib/src/unescape.c
index ea5c9e2..2d48c92 100644
--- a/lib/src/unescape.c
+++ b/lib/src/unescape.c
@@ -80,6 +80,9 @@ int unescape(char *src)
 				default:
 					return -1;
 				}
+
+				if (c == 0)
+					return -1;
 			}
 
 			*(dst++) = c;
-- 
cgit v1.2.3