authorAlessandro Ghedini <alessandro@ghedini.me>2015-09-16 17:54:05 +0200
committerEmilia Kasper <emilia@openssl.org>2015-09-22 20:03:57 +0200
commitf61216ba9d17430fb5eb3e2b202a209960b9d51b (patch)
treec82ad8f99402f83390c90626fde53c7f89fae2a1 /crypto/buffer/buffer.h
parentc038e6b50497a4c63044a509e925a6eebff3e747 (diff)
Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading past the input if the input was not a C string. Make it explicitly part of BUF_strndup's contract to never read more than |siz| input bytes. This augments the standard strndup contract to be safer. The commit also adds a check for siz overflow and some brief documentation for BUF_strndup(). Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
Diffstat (limited to 'crypto/buffer/buffer.h')
-rw-r--r--crypto/buffer/buffer.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index c343dd772f..a05cee091f 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -86,7 +86,13 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len);
int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
size_t BUF_strnlen(const char *str, size_t maxlen);
char *BUF_strdup(const char *str);
+
+/*
+ * Returns a pointer to a new string which is a duplicate of the string |str|,
+ * but guarantees to never read past the first |siz| bytes of |str|.
+ */
char *BUF_strndup(const char *str, size_t siz);
+
void *BUF_memdup(const void *data, size_t siz);
void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
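Review bot: The new comment on `BUF_strndup()` documents the read bound but calls the result "a duplicate of the string |str|", which is inaccurate whenever |str| is longer than |siz| or is not NUL-terminated; in those cases the caller gets a prefix. I would add a line such as `* The result is always NUL-terminated and holds at most |siz| bytes of |str|.`, after confirming it against the implementation, which is not in this header hunk. The comment should also say what is returned when |str| is NULL, when allocation fails, and when the siz overflow check mentioned in the commit message trips (presumably NULL in each case), and how the caller releases the result. Callers passing length-delimited, attacker-influenced buffers depend on exactly these details, so they belong next to the prototype rather than only in the commit message.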