Make BUF_strndup() read-safe on arbitrary inputs (110f7b37) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Commit 110f7b37 authored Sep 16, 2015 by

Alessandro Ghedini Committed by Emilia Kasper Sep 22, 2015

Make BUF_strndup() read-safe on arbitrary inputs



BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>

parent db9defdf

Hide whitespace changes

Inline Side-by-side

Please register or to comment