From 1a2b56de22702d79cf02170e3c4672923080a4f4 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Mon, 21 Nov 2016 20:52:55 +0100 Subject: [PATCH] Fix segmentation fault on invalid input. The 'add' command leads to a segmentation fault on invalid input. Two arguments to 'add' can be quoted, but the quotation check does not properly parse a single double quote: $ echo 'add 0 " 0 0 0' | iceauth Segmentation fault $ _ This happens because the code does not properly check if the argument consists of just one quote. Technically, it is true that the first and the last characters are double quotes. Therefore it also takes a check to verify that the length of the string is at least 2.
---
 process.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/process.c b/process.c
index 53b4ba5..91729c1 100644
--- a/process.c
+++ b/process.c
@@ -1286,7 +1286,8 @@ static int do_add (
 protodata_len = strlen (protodata_hex);
 if (protodata_len > 0)
 {
- if (protodata_hex[0] == '"' && protodata_hex[protodata_len - 1] == '"')
+ if (protodata_len > 1 &&
+ protodata_hex[0] == '"' && protodata_hex[protodata_len - 1] == '"')
 {
 protodata = malloc (protodata_len - 1);
 if (protodata)
@@ -1311,7 +1312,8 @@ static int do_add (
 }
 
 authdata_len = strlen (authdata_hex);
- if (authdata_hex[0] == '"' && authdata_hex[authdata_len - 1] == '"')
+ if (authdata_len > 1 &&
+ authdata_hex[0] == '"' && authdata_hex[authdata_len - 1] == '"')
 {
 authdata = malloc (authdata_len - 1);
 if (authdata)
--
2.10.2
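Review bot: Neither copy of the quote test says why the length check is there, and the identical three-part condition now appears twice in do_add, here for `protodata_hex` and in the second hunk for `authdata_hex`. A lone `"` is both the first and the last character, so without `protodata_len > 1` the visible `malloc (protodata_len - 1)` is asked for zero bytes and the unquoting that follows (outside the hunk) works on a string too short to hold two quotes. I would add a comment above each test, for example `/* a lone '"' is both first and last char: need len >= 2 to strip quotes */`, so a later cleanup does not drop the check as redundant. A small static helper taking the string and its length would also keep the two copies from drifting apart. do_add's body starts and ends outside both hunks.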