From dad93c425ed74cf770db4212bffae0eeb363bcf3 Mon Sep 17 00:00:00 2001
From: Dirk Hohndel <dirk@hohndel.org>
Date: Fri, 7 Dec 2012 20:02:14 -0800
Subject: Fix potential uninitialized read

When analyzing the buffer that is handed to the first_object_id function
we carefully check to make sure that we don't read past the end of the
input buffer but there was still one code path that could have us do just
that.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
---
 uemis-downloader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'uemis-downloader.c')

diff --git a/uemis-downloader.c b/uemis-downloader.c
index 722b4ea08..ec146afee 100644
--- a/uemis-downloader.c
+++ b/uemis-downloader.c
@@ -327,7 +327,7 @@ static char *first_object_id_val(char* buf)
 		return NULL;
 	bufend = buf + strlen(buf);
 	object = strstr(buf, "object_id");
-	if (object) {
+	if (object && object + 14 < bufend) {
 		/* get the value */
 		char tmp[10];
 		char *p = object + 14;
-- 
cgit v1.2.3-70-g09d2