[klibc] strndup(): Fix out of bounds read access The use of strlen to get the length of the source string can lead to undetermined memory access if the source string is not finished with a zero. Use strnlen to prevent this. Signed-off-by: Romain Izard <romain.izard.pro@gmail.com> Reviewed-by: H. Peter Anvin <hpa@zytor.com> Signed-off-by: maximilian attems <max@stro.at>

commit: 0bd18d54159154f4af1c478a854c884cd80ecf0b [log] [tgz]
author: Romain Izard <romain.izard.pro@gmail.com> Fri Jun 24 11:01:09 2011 +0200
committer: maximilian attems <max@stro.at> Sat Jun 25 09:33:47 2011 +0200
tree: 38fc57b1b80c9dd8814a0b93a1239fce27e1e75c
parent: bc523062552d814539025f2b6cd221309029b01c [diff]
diff --git a/usr/klibc/strndup.c b/usr/klibc/strndup.c
index 65afd44..e4814be 100644
--- a/usr/klibc/strndup.c
+++ b/usr/klibc/strndup.c

@@ -7,9 +7,8 @@
 
 char *strndup(const char *s, size_t n)
 {
-	int l = n > strlen(s) ? strlen(s) + 1 : n + 1;
-	char *d = malloc(l);
-
+	size_t l = strnlen(s, n);
+	char *d = malloc(l + 1);
 	if (!d)
 		return NULL;
commit	0bd18d54159154f4af1c478a854c884cd80ecf0b	[log] [tgz]
author	Romain Izard <romain.izard.pro@gmail.com>	Fri Jun 24 11:01:09 2011 +0200
committer	maximilian attems <max@stro.at>	Sat Jun 25 09:33:47 2011 +0200
tree	38fc57b1b80c9dd8814a0b93a1239fce27e1e75c
parent	bc523062552d814539025f2b6cd221309029b01c [diff]