Don't read past the end of the string in BUF_strndup.

BUF_strlcpy still assumes |src| is a NUL-terminated string and will call strlen
on it to determine the actual length. BUF_strndup's input need not be
NUL-terminated.

Change-Id: I9ca95e92533d12f1b0283412249bda4f8cf92433
Reviewed-on: https://boringssl-review.googlesource.com/1997
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
David Benjamin 10 years ago
committed by Adam Langley
parent
commit
721e6e1500
1 changed files with 2 additions and 1 deletions
  1. crypto/buf/buf.c (+2, -1)

crypto/buf/buf.c

@@ -187,7 +187,8 @@ char *BUF_strndup(const char *buf, size_t size) {
return NULL;
}

BUF_strlcpy(ret, buf, alloc_size);
memcpy(ret, buf, size);
ret[size] = '\0';
return ret;
}
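
Review bot: The `memcpy(ret, buf, size)` and `ret[size] = '\0'` lines are only in bounds if `alloc_size` is at least `size + 1` and `buf` has at least `size` readable bytes, and neither condition is visible in this hunk. A one-line comment above the `memcpy` stating that invariant (and where `size` is bounded, if it is clamped earlier in the function) would keep a later edit from reintroducing the over-read. Note also that `memcpy` copies exactly `size` bytes, so a NUL embedded in `buf` before `size` no longer stops the copy; if callers rely on strndup-style truncation at the first NUL, that should be confirmed or documented. A regression test that passes a buffer with no terminator within the first `size` bytes, the case the commit message describes, would be worth adding alongside this change.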


