[klibc] [PATCH 1/2] strndup(): Fix out of bounds read access
Romain Izard
romain.izard.pro at gmail.com
Fri Jun 24 02:01:09 PDT 2011
The use of strlen to get the length of the source string can lead to
undetermined memory access if the source string is not finished with a
zero. Use strnlen to prevent this.
Signed-off-by: Romain Izard <romain.izard.pro at gmail.com>
---
usr/klibc/strndup.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/usr/klibc/strndup.c b/usr/klibc/strndup.c
index 65afd44..e4814be 100644
--- a/usr/klibc/strndup.c
+++ b/usr/klibc/strndup.c
@@ -7,9 +7,8 @@
char *strndup(const char *s, size_t n)
{
- int l = n > strlen(s) ? strlen(s) + 1 : n + 1;
- char *d = malloc(l);
-
+ size_t l = strnlen(s, n);
+ char *d = malloc(l + 1);
if (!d)
return NULL;
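Review bot: the meaning of `l` changes at `+ size_t l = strnlen(s, n);` from "bytes to allocate, terminator included" to "string length, terminator excluded", but the diffstat (2 insertions, 3 deletions) shows that nothing after `return NULL;` is modified. The unchanged remainder of the function is not visible in this hunk, so please confirm that it copies exactly `l` bytes and writes the terminator at `d[l]`. Any leftover use of `l` as the full buffer size, or of `n` as the terminator index, would now read or write past what `malloc(l + 1)` reserved whenever the source is shorter than `n`. Minor style point: the hunk also drops the blank line between the declarations and `if (!d)`, which is worth keeping for readability.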
--
1.7.0.4