Module Name: src Committed By: christos Date: Mon Oct 15 18:37:19 UTC 2018
Modified Files: src/common/lib/libc/string: memmem.c Log Message: Avoid out-of-bounds reads https://www.openwall.com/lists/musl/2017/06/29/6 XXX: pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/common/lib/libc/string/memmem.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/common/lib/libc/string/memmem.c
diff -u src/common/lib/libc/string/memmem.c:1.1 src/common/lib/libc/string/memmem.c:1.2
--- src/common/lib/libc/string/memmem.c:1.1 Sun Jul 8 13:53:12 2018
+++ src/common/lib/libc/string/memmem.c Mon Oct 15 14:37:19 2018
@@ -25,7 +25,7 @@
 #if 0
 __FBSDID("$FreeBSD: head/lib/libc/string/memmem.c 315468 2017-03-18 00:53:24Z emaste $");
 #else
-__RCSID("$NetBSD: memmem.c,v 1.1 2018/07/08 17:53:12 christos Exp $");
+__RCSID("$NetBSD: memmem.c,v 1.2 2018/10/15 18:37:19 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
@@ -36,29 +36,33 @@ __RCSID("$NetBSD: memmem.c,v 1.1 2018/07
 #include <lib/libkern/libkern.h>
 #endif
-static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *twobyte_memmem(const unsigned char *h, size_t k,
+ const unsigned char *n)
 {
- uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
- for (h++, k--; k; k--, hw = hw<<8 | *++h)
- if (hw == nw) return __UNCONST(h-1);
- return 0;
+ uint16_t nw = n[0] << 8 | n[1], hw = h[0] << 8 | h[1];
+ for (h += 2, k -= 2; k; k--, hw = hw << 8 | *++h)
+ if (hw == nw) return __UNCONST(h - 2);
+ return hw == nw ? __UNCONST(h - 2) : 0;
 }
-static char *threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *threebyte_memmem(const unsigned char *h, size_t k,
+ const unsigned char *n)
 {
- uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
- uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
- for (h+=2, k-=2; k; k--, hw = (hw|*++h)<<8)
- if (hw == nw) return __UNCONST(h-2);
- return 0;
+ uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8;
+ uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8;
+ for (h += 3, k -= 3; k; k--, hw = (hw|*++h) << 8)
+ if (hw == nw) return __UNCONST(h - 3);
+ return hw == nw ? __UNCONST(h - 3) : 0;
 }
-static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *fourbyte_memmem(const unsigned char *h, size_t k,
+ const unsigned char *n)
 {
- uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
- uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
- for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
- if (hw == nw) return __UNCONST(h-3);
+ uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
+ uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
+ for (h += 4, k -= 4; k; k--, hw = hw << 8 | *++h)
+ if (hw == nw) return __UNCONST(h - 4);
+ return hw == nw ? __UNCONST(h - 4) : 0;
 return 0;
 }
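Review bot: All three loops keep the pre-increment `*++h` from the old code although `h` now starts one byte further on (`h += 2`, `h += 3`, `h += 4`), so the first update skips the byte `h` points at and the last update still reads one byte past the haystack, which is the out-of-bounds read this commit sets out to remove; every window after offset 0 is also built from the wrong bytes, so later matches are missed. The update should consume the current byte and then advance: `hw = hw << 8 | *h++` in twobyte_memmem and fourbyte_memmem, and `hw = (hw | *h++) << 8` in threebyte_memmem. In fourbyte_memmem the old `return 0;` is left behind after the new `return hw == nw ? ...` and is now unreachable, so it can be dropped. A regression test that places the needle at the very end of a buffer ending on a guard page would catch both the over-read and the missed match.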