From 040f18ea8a682dc80c9f3940cf234ccd1135e115 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Thu, 20 Sep 2012 11:08:27 +0200
Subject: [PATCH] util: overflow hardening

---
 TODO | 2 ++
 src/shared/util.c | 16 ++++++++++++----
 src/shared/util.h | 2 +-
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/TODO b/TODO
index 573a9534f..4a7fbb96a 100644
--- a/TODO
+++ b/TODO
@@ -17,6 +17,8 @@ F18:
 
 * Retest multi-seat
 
+* file bugs against KDE/... to take the new key inhibitor locks
+
 Features:
 
 * instantiated [Install] for target units
diff --git a/src/shared/util.c b/src/shared/util.c
index b48bad4c4..02ee6374c 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -1184,8 +1184,11 @@ char *strnappend(const char *s, const char *suffix, size_t b) {
 assert(suffix);
 
 a = strlen(s);
+ if ((size_t) -1 - a > b)
+ return NULL;
 
- if (!(r = new(char, a+b+1)))
+ r = new(char, a+b+1);
+ if (!r)
 return NULL;
 
 memcpy(r, s, a);
@@ -5014,12 +5017,17 @@ char *strjoin(const char *x, ...) {
 
 for (;;) {
 const char *t;
+ size_t n;
 
 t = va_arg(ap, const char *);
 if (!t)
 break;
 
- l += strlen(t);
+ n = strlen(t);
+ if (n > ((size_t) -1) - l)
+ return NULL;
+
+ l += n;
 }
 } else
 l = 0;
@@ -5291,7 +5299,7 @@ int signal_from_string(const char *s) {
 int offset = 0;
 unsigned u;
 
- signo =__signal_from_string(s);
+ signo = __signal_from_string(s);
 if (signo > 0)
 return signo;
 
@@ -5683,7 +5691,7 @@ void warn_melody(void) {
 if (fd < 0)
 return;
 
- /* Yeah, this is synchronous. Kinda sucks. Bute well... */
+ /* Yeah, this is synchronous. Kinda sucks. But well... */
 
 ioctl(fd, KIOCSOUND, (int)(1193180/440));
 usleep(125*USEC_PER_MSEC);
diff --git a/src/shared/util.h b/src/shared/util.h
index e23d706eb..2e49cfde2 100644
--- a/src/shared/util.h
+++ b/src/shared/util.h
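Review bot: The new overflow check in the strnappend hunk is inverted: `(size_t) -1 - a > b` is true exactly when a+b does not wrap, so after this patch strnappend() returns NULL for every ordinary input and only proceeds to `new(char, a+b+1)` in the one case where the sum overflows. The strjoin hunk in the same patch spells the test the right way round (`n > ((size_t) -1) - l`), and this one should match it; because the allocation adds one more byte for the terminator, the bound also needs to reject a+b == SIZE_MAX, where a+b+1 wraps to 0, so the line should read `if (b >= ((size_t) -1) - a) return NULL;`. strnappend() starts and ends outside the hunk.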
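Review bot: The `return NULL;` added inside the strjoin loop leaves the function while `ap` is still active: va_arg() is consumed from it on the line above, so va_start() presumably precedes this loop outside the hunk, and the standard requires a matching va_end() before the function returns. The bail-out should be `if (n > ((size_t) -1) - l) { va_end(ap); return NULL; }`. The check as written also lets l reach exactly SIZE_MAX, which wraps if the allocation that follows (outside the hunk) adds one for the terminator; `>=` instead of `>` would close that. strjoin() starts and ends outside the hunk.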
@@ -551,7 +551,7 @@ _malloc_ static inline void *malloc_multiply(size_t a, size_t b) {
 return malloc(a * b);
 }
 
-static inline void *memdup_multiply(const void *p, size_t a, size_t b) {
+_malloc_ static inline void *memdup_multiply(const void *p, size_t a, size_t b) {
 if (_unlikely_(a > ((size_t) -1) / b))
 return NULL;
 
--
2.30.2
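Review bot: The overflow guard on the context line directly below the new memdup_multiply() signature, `a > ((size_t) -1) / b`, divides by `b`, so a call with b == 0 is a division by zero (undefined behaviour) rather than a harmless empty copy, and the `_malloc_` attribute this hunk adds does not address that. A `b != 0 &&` prefix keeps the check well-defined for the zero case: `if (_unlikely_(b != 0 && a > ((size_t) -1) / b))`. malloc_multiply() just above presumably uses the same guard, but its check lies outside the hunk, as does the rest of memdup_multiply()'s body.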