Don't allocate more than is needed in BUF_strndup() (Imported from upstream's 4ceb430a468e8226175aa3f169c0e746877c17e1, 4f7236edc7d5c384bdb148faf7b23f887cf18f69 and ed693e43329383c0d68455d83778cdc9748a074d)
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c
index fe55c0c..94bbeaf 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@@ -153,6 +153,18 @@
 return BUF_strndup(buf, strlen(buf)); }
+size_t BUF_strnlen(const char *str, size_t max_len) {
+ size_t i;
+
+ for (i = 0; i < max_len; i++) {
+ if (str[i] == 0) {
+ break;
+ }
+ }
+
+ return i;
+}
+
 char *BUF_strndup(const char *buf, size_t size) { char *ret; size_t alloc_size;
@@ -161,6 +173,8 @@
 return NULL; }
+ size = BUF_strnlen(buf, size);
+
 alloc_size = size + 1; if (alloc_size < size) { /* overflow */
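Review bot: BUF_strnlen (first hunk) reads `str[i]` without checking `str` for NULL, and because the buf.h part of this commit exports it, callers other than BUF_strndup can reach that dereference whenever `max_len` is non-zero. Either guard it at the top of the function with `if (str == NULL) { return 0; }`, or state the precondition in the header comment, e.g. `|str| must not be NULL.` The `return NULL; }` context in the following hunk suggests BUF_strndup rejects a NULL `buf` before its own call, but that check lies outside the visible lines.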
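Review bot: The assignment `size = BUF_strnlen(buf, size);` in the second hunk overwrites the caller's parameter without a comment, so everything after it in BUF_strndup (which continues outside the hunk) silently works on the clamped length. A one-line comment above it would record the intent, for example `/* Clamp |size| to the length of |buf| so no more than the string plus its NUL is allocated. */`. With the clamp in place, `alloc_size = size + 1` can presumably no longer wrap for any readable string, so the overflow branch becomes purely defensive. It is worth keeping, and worth a word in the same comment.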
diff --git a/crypto/buf/buf.h b/crypto/buf/buf.h
index 4cfeee4..d1e63f2 100644
--- a/crypto/buf/buf.h
+++ b/crypto/buf/buf.h
@@ -89,6 +89,11 @@
 /* BUF_strdup returns an allocated, duplicate of |str|. */ char *BUF_strdup(const char *str);
+/* BUF_strnlen returns the number of characters in |str|, excluding the NUL
+ * byte, but at most |max_len|. This function never reads more than |max_len|
+ * bytes from |str|. */
+size_t BUF_strnlen(const char *str, size_t max_len);
+
 /* BUF_strndup returns an allocated, duplicate of |str|, which is, at most, * |size| bytes. The result is always NUL terminated. */ char *BUF_strndup(const char *str, size_t size);
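Review bot: The BUF_strndup comment left as context at the end of this hunk does not say that duplication ends at the first NUL in |str|, which the clamp added in buf.c now relies on when sizing the allocation. Suggest rewording it to `/* BUF_strndup returns an allocated duplicate of |str|, ending at the first NUL byte or after |size| bytes, whichever comes first. The result is always NUL terminated. */`. The new BUF_strnlen comment is clear about the read bound. It could add that the return value equals |max_len| when no NUL is found within the bound, since that is how a caller recognises an unterminated buffer.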