Fix out-of-bounds read in hex_decode

The range check is off by 1. The input letter 'p' makes an out-of-bounds read. The resulting byte is unpredictable. Affects the <bytes> argument of the command "vm_debug pmem_cfind". Since: 7ba3d15
GNS3 · Mar 12, 2024 · 1c98f20 · 1c98f20
1 parent 4084412
commit 1c98f20
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/common/utils.c b/common/utils.c
@@ -200,7 +200,7 @@ int hex_decode(unsigned char *out,const unsigned char *in,int maxlen)
    int empty = TRUE;
 
    for(;len < maxlen;) {
-      if (*in > sizeof(hexval) || hexval[*in] == BAD)
+      if (*in >= sizeof(hexval) || hexval[*in] == BAD)
          break;
 
       if (empty) {