You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by Ben Laurie <be...@algroup.co.uk> on 2001/02/11 17:32:19 UTC
Re: cvs commit: apr/strings apr_strings.c
Hmmm. Actually, this could improve its efficiency by only allocating
len+1 bytes if len < n. Should we do that?
Cheers,
Ben.
ben@apache.org wrote:
>
> ben 01/02/11 08:25:08
>
> Modified: strings apr_strings.c
> Log:
> ap_pstrndup could have caused out-of-bounds memory accesses (this is a
> theoretical problem that I happened to notice). Only lightly tested.
>
> Revision Changes Path
> 1.9 +7 -2 apr/strings/apr_strings.c
>
> Index: apr_strings.c
> ===================================================================
> RCS file: /home/cvs/apr/strings/apr_strings.c,v
> retrieving revision 1.8
> retrieving revision 1.9
> diff -u -r1.8 -r1.9
> --- apr_strings.c 2001/02/11 16:18:09 1.8
> +++ apr_strings.c 2001/02/11 16:25:07 1.9
> @@ -83,13 +83,18 @@
> APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
> {
> char *res;
> + size_t len;
>
> if (s == NULL) {
> return NULL;
> }
> res = apr_palloc(a, n + 1);
> - memcpy(res, s, n);
> - res[n] = '\0';
> + len = strlen(s);
> + if(len > n) {
> + memcpy(res, s, n);
> + res[n] = '\0';
> + } else
> + memcpy(res, s, len+1);
> return res;
> }
>
>
>
>
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
Re: cvs commit: apr/strings apr_strings.c
Posted by Greg Stein <gs...@lyra.org>.
Yup. Done and checked in.
[ I'm checking usage right now to ensure people don't depend on that... ]
Cheers,
-g
On Sun, Feb 11, 2001 at 04:32:19PM +0000, Ben Laurie wrote:
> Hmmm. Actually, this could improve its efficiency by only allocating
> len+1 bytes if len < n. Should we do that?
>
> Cheers,
>
> Ben.
>
> ben@apache.org wrote:
> >
> > ben 01/02/11 08:25:08
> >
> > Modified: strings apr_strings.c
> > Log:
> > ap_pstrndup could have caused out-of-bounds memory accesses (this is a
> > theoretical problem that I happened to notice). Only lightly tested.
> >
> > Revision Changes Path
> > 1.9 +7 -2 apr/strings/apr_strings.c
> >
> > Index: apr_strings.c
> > ===================================================================
> > RCS file: /home/cvs/apr/strings/apr_strings.c,v
> > retrieving revision 1.8
> > retrieving revision 1.9
> > diff -u -r1.8 -r1.9
> > --- apr_strings.c 2001/02/11 16:18:09 1.8
> > +++ apr_strings.c 2001/02/11 16:25:07 1.9
> > @@ -83,13 +83,18 @@
> > APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
> > {
> > char *res;
> > + size_t len;
> >
> > if (s == NULL) {
> > return NULL;
> > }
> > res = apr_palloc(a, n + 1);
> > - memcpy(res, s, n);
> > - res[n] = '\0';
> > + len = strlen(s);
> > + if(len > n) {
> > + memcpy(res, s, n);
> > + res[n] = '\0';
> > + } else
> > + memcpy(res, s, len+1);
> > return res;
> > }
> >
> >
> >
> >
>
> --
> http://www.apache-ssl.org/ben.html
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
--
Greg Stein, http://www.lyra.org/