rpm/elilo
SHA256
1
0
Fork 0
forked from pool/elilo
Code Pull Requests Activity
478875aa71
elilo/elilo-fix-strncpy-overflow.diff

54 lines
1.2 KiB
Diff
Raw Blame History

From: Jarrod Johnson <jbjohnso@us.ibm.com>
Fix StrnCpy bug that would overflow dst buffer if length of src met or
exceeded passed size value.
---
strops.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/strops.c
+++ b/strops.c
@@ -41,11 +41,11 @@ StrnCpy(OUT CHAR16 *dst, IN const CHAR16
{
CHAR16 *res = dst;
- while (size-- && (*dst++ = *src++) != CHAR_NULL);
+ while (size && size-- && (*dst++ = *src++) != CHAR_NULL);
/*
* does the null padding
*/
- while (size-- > 0) *dst++ = CHAR_NULL;
+ while (size && size-- > 0) *dst++ = CHAR_NULL;
return res;
}
@@ -55,11 +55,11 @@ StrnXCpy(OUT CHAR8 *dst, IN const CHAR16
{
CHAR8 *res = dst;
- while (size-- && (*dst++ = (CHAR8)*src++) != '\0');
+ while (size && size-- && (*dst++ = (CHAR8)*src++) != '\0');
/*
* does the null padding
*/
- while (size-- > 0) *dst++ = '\0';
+ while (size && size-- > 0) *dst++ = '\0';
return res;
}
@@ -76,11 +76,11 @@ strncpya(OUT CHAR8 *dst, IN const CHAR8
{
CHAR8 *res = dst;
- while (size-- && (*dst++ = *src++) != '\0');
+ while (size && size-- && (*dst++ = *src++) != '\0');
/*
* does the null padding
*/
- while (size-- > 0) *dst++ = '\0';
+ while (size && size-- > 0) *dst++ = '\0';
return res;
}
View Git Blame Copy Permalink