diff options
author | Ben Laurie <ben@apache.org> | 2001-02-11 16:25:07 +0000 |
---|---|---|
committer | Ben Laurie <ben@apache.org> | 2001-02-11 16:25:07 +0000 |
commit | db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85 (patch) | |
tree | d238bee44a4f43c17ee5a7eb16cc08819579cced /strings | |
parent | 49e8a536e5f5af9c0f2f2d02656c26374c3ba04f (diff) | |
download | apr-db0a18b7fcbca58f36ba58cf3e7ba4f21cbb4e85.tar.gz |
ap_pstrndup could have caused out-of-bounds memory accesses (this is a
theoretical problem that I happened to notice). Only lightly tested.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@61215 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'strings')
-rw-r--r-- | strings/apr_strings.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/strings/apr_strings.c b/strings/apr_strings.c index a32f0c5d1..85ac9f7b8 100644 --- a/strings/apr_strings.c +++ b/strings/apr_strings.c @@ -83,13 +83,18 @@ APR_DECLARE(char *) apr_pstrdup(apr_pool_t *a, const char *s) APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s, apr_size_t n) { char *res; + size_t len; if (s == NULL) { return NULL; } res = apr_palloc(a, n + 1); - memcpy(res, s, n); - res[n] = '\0'; + len = strlen(s); + if(len > n) { + memcpy(res, s, n); + res[n] = '\0'; + } else + memcpy(res, s, len+1); return res; } |