udev_util_encode_string(): fix possible buffer overflow
[elogind.git] / libudev / libudev-util.c
index 61cd963421a4842db897318b0aa83537ef29aac5..9a656b5a98ae5ef9cf408eb7c27b4bf5f33840ae 100644 (file)
@@ -31,7 +31,7 @@ static ssize_t get_sys_link(struct udev *udev, const char *slink, const char *sy
 
        util_strscpyl(path, sizeof(path), syspath, "/", slink, NULL);
        len = readlink(path, path, sizeof(path));
-       if (len < 0 || len >= (ssize_t) sizeof(path))
+       if (len <= 0 || len == (ssize_t)sizeof(path))
                return -1;
        path[len] = '\0';
        pos = strrchr(path, '/');
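Review bot: `readlink(path, path, sizeof(path))` on the unchanged line just above the new check uses `path` as both the pathname and the output buffer. POSIX declares both parameters `restrict`, so the call is formally undefined even where it happens to work; reading the link target into a second local array of the same size avoids this. The new upper bound `len == (ssize_t)sizeof(path)` is sufficient under readlink's contract, but `len >= (ssize_t)sizeof(path)` costs nothing and keeps `path[len] = '\0'` in bounds even if that contract were ever broken. The body of get_sys_link starts and ends outside the hunk.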
@@ -448,28 +448,33 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len)
 {
        size_t i, j;
 
-       if (str == NULL || str_enc == NULL || len == 0)
+       if (str == NULL || str_enc == NULL)
                return -1;
 
-       str_enc[0] = '\0';
        for (i = 0, j = 0; str[i] != '\0'; i++) {
                int seqlen;
 
                seqlen = utf8_encoded_valid_unichar(&str[i]);
                if (seqlen > 1) {
+                       if (len-j < (size_t)seqlen)
+                               goto err;
                        memcpy(&str_enc[j], &str[i], seqlen);
                        j += seqlen;
                        i += (seqlen-1);
                } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) {
+                       if (len-j < 4)
+                               goto err;
                        sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]);
                        j += 4;
                } else {
+                       if (len-j < 1)
+                               goto err;
                        str_enc[j] = str[i];
                        j++;
                }
-               if (j+3 >= len)
-                       goto err;
        }
+       if (len-j < 1)
+               goto err;
        str_enc[j] = '\0';
        return 0;
 err:
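Review bot: The escape branch can still write one byte past `str_enc`, because `sprintf(&str_enc[j], "\\x%02x", ...)` stores four characters plus a terminating NUL while the new guard `if (len-j < 4)` reserves only four. When exactly four bytes remain, the NUL lands at `str_enc[len]` before the final `len-j < 1` check rejects the string. The terminator needs a byte in any case, so `if (len-j < 5)` closes this without rejecting any input that would otherwise fit. The commit also drops the early `str_enc[0] = '\0'`, and the code after `err:` is outside the hunk, so it is worth confirming that the buffer is left terminated on failure or that callers never read it then.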