diff options
author | Romain Izard <romain.izard.pro@gmail.com> | 2011-06-24 11:01:09 +0200 |
---|---|---|
committer | maximilian attems <max@stro.at> | 2011-06-25 09:33:47 +0200 |
commit | 0bd18d54159154f4af1c478a854c884cd80ecf0b (patch) | |
tree | 38fc57b1b80c9dd8814a0b93a1239fce27e1e75c | |
parent | bc523062552d814539025f2b6cd221309029b01c (diff) | |
download | klibc-0bd18d54159154f4af1c478a854c884cd80ecf0b.tar.gz |
[klibc] strndup(): Fix out of bounds read access
The use of strlen to get the length of the source string can lead to
undetermined memory access if the source string is not finished with a
zero. Use strnlen to prevent this.
Signed-off-by: Romain Izard <romain.izard.pro@gmail.com>
Reviewed-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: maximilian attems <max@stro.at>
-rw-r--r-- | usr/klibc/strndup.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/usr/klibc/strndup.c b/usr/klibc/strndup.c index 65afd4440e4da..e4814be09e007 100644 --- a/usr/klibc/strndup.c +++ b/usr/klibc/strndup.c @@ -7,9 +7,8 @@ char *strndup(const char *s, size_t n) { - int l = n > strlen(s) ? strlen(s) + 1 : n + 1; - char *d = malloc(l); - + size_t l = strnlen(s, n); + char *d = malloc(l + 1); if (!d) return NULL; |