authorRomain Izard <romain.izard.pro@gmail.com>2011-06-24 11:01:09 +0200
committermaximilian attems <max@stro.at>2011-06-25 09:33:47 +0200
commit0bd18d54159154f4af1c478a854c884cd80ecf0b (patch)
tree38fc57b1b80c9dd8814a0b93a1239fce27e1e75c
parentbc523062552d814539025f2b6cd221309029b01c (diff)
downloadklibc-0bd18d54159154f4af1c478a854c884cd80ecf0b.tar.gz
[klibc] strndup(): Fix out of bounds read access
The use of strlen to get the length of the source string can lead to an out-of-bounds memory read if the source string is not terminated with a zero byte. Use strnlen to prevent this. Signed-off-by: Romain Izard <romain.izard.pro@gmail.com> Reviewed-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: maximilian attems <max@stro.at>
-rw-r--r--usr/klibc/strndup.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/usr/klibc/strndup.c b/usr/klibc/strndup.c
index 65afd4440e4da..e4814be09e007 100644
--- a/usr/klibc/strndup.c
+++ b/usr/klibc/strndup.c
@@ -7,9 +7,8 @@
char *strndup(const char *s, size_t n)
{
- int l = n > strlen(s) ? strlen(s) + 1 : n + 1;
- char *d = malloc(l);
-
+ size_t l = strnlen(s, n);
+ char *d = malloc(l + 1);
if (!d)
return NULL;