ap_pstrndup could have caused out-of-bounds memory accesses (this is a

theoretical problem that I happened to notice). Only lightly tested. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@61215 13f79535-47bb-0310-9956-ffa450edef68
author: Ben Laurie <ben@apache.org> 2001-02-11 16:25:07 +0000
committer: Ben Laurie <ben@apache.org> 2001-02-11 16:25:07 +0000
commit: db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85 (patch)
tree: d238bee44a4f43c17ee5a7eb16cc08819579cced /strings
parent: 49e8a536e5f5af9c0f2f2d02656c26374c3ba04f (diff)
download: apr-db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/strings/apr_strings.c b/strings/apr_strings.c
index a32f0c5d1..85ac9f7b8 100644
--- a/strings/apr_strings.c
+++ b/strings/apr_strings.c
@@ -83,13 +83,18 @@ APR_DECLARE(char *) apr_pstrdup(apr_pool_t *a, const char *s)
 APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n)
 {
     char *res;
+    size_t len;
 
     if (s == NULL) {
         return NULL;
     }
     res = apr_palloc(a, n + 1);
-    memcpy(res, s, n);
-    res[n] = '\0';
+    len = strlen(s);
+    if(len > n) {
+	memcpy(res, s, n);
+	res[n] = '\0';
+    } else
+	memcpy(res, s, len+1);
     return res;
 }
author	Ben Laurie <ben@apache.org>	2001-02-11 16:25:07 +0000
committer	Ben Laurie <ben@apache.org>	2001-02-11 16:25:07 +0000
commit	db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85 (patch)
tree	d238bee44a4f43c17ee5a7eb16cc08819579cced /strings
parent	49e8a536e5f5af9c0f2f2d02656c26374c3ba04f (diff)
download	apr-db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85.tar.gz