ben 01/02/11 08:25:08
Modified: strings apr_strings.c
Log:
ap_pstrndup could have caused out-of-bounds memory accesses (this is a
theoretical problem that I happened to notice). Only lightly tested.
Revision Changes Path
1.9 +7 -2 apr/strings/apr_strings.c
Index: apr_strings.c
===================================================================
RCS file: /home/cvs/apr/strings/apr_strings.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- apr_strings.c 2001/02/11 16:18:09 1.8
+++ apr_strings.c 2001/02/11 16:25:07 1.9
@@ -83,13 +83,18 @@
APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
{
char *res;
+ size_t len;
if (s == NULL) {
return NULL;
}
res = apr_palloc(a, n + 1);
- memcpy(res, s, n);
- res[n] = '\0';
+ len = strlen(s);
+ if(len > n) {
+ memcpy(res, s, n);
+ res[n] = '\0';
+ } else
+ memcpy(res, s, len+1);
return res;
}
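Review bot: The added `strlen(s)` call is not bounded by `n`, so a caller that passes a length-delimited buffer with no NUL inside its first `n` bytes now triggers a read past the end of that buffer, where the old code read exactly `n` bytes. Bounding the scan to at most `n` bytes with `memchr` covers both the short-string case this commit targets and the unterminated case. It also lets the allocation match the length actually copied instead of always `n + 1`. Separately, `n + 1` wraps to 0 when `n` is the largest `apr_size_t` value and the hunk does not guard against that. The new local would also read better as `apr_size_t` to match the signature.

```c
APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
{
    char *res;
    const char *end;

    /* … unchanged: NULL check on s … */

    /* Look for the terminator within the first n bytes only. */
    end = memchr(s, '\0', n);
    if (end != NULL) {
        n = end - s;
    }
    res = apr_palloc(a, n + 1);
    memcpy(res, s, n);
    res[n] = '\0';
    return res;
}
```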