make buf_getstring fail prior to malloc if the buffer is short

author: Matt Johnston <matt@ucc.asn.au> 2017-05-20 23:39:01 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2017-05-20 23:39:01 +0800
commit: 388c860fa18affa7674ed9d9cf1a7ee8afed1b25 (patch)
tree: 410892dee6ffcf77fd24994755bfa754e62a79fd
parent: 8c8e8bc29af3600719cbcf3d194f245f8fdb5256 (diff)
download: dropbear-388c860fa18affa7674ed9d9cf1a7ee8afed1b25.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/buffer.c b/buffer.c
index 0ca50b4..a462374 100644
--- a/buffer.c
+++ b/buffer.c
@@ -209,6 +209,7 @@ char* buf_getstring(buffer* buf, unsigned int *retlen) {
 
 	unsigned int len;
 	char* ret;
+	void* src = NULL;
 	len = buf_getint(buf);
 	if (len > MAX_STRING_LEN) {
 		dropbear_exit("String too long");
@@ -217,8 +218,9 @@ char* buf_getstring(buffer* buf, unsigned int *retlen) {
 	if (retlen != NULL) {
 		*retlen = len;
 	}
+	src = buf_getptr(buf, len);
 	ret = m_malloc(len+1);
-	memcpy(ret, buf_getptr(buf, len), len);
+	memcpy(ret, src, len);
 	buf_incrpos(buf, len);
 	ret[len] = '\0';
author	Matt Johnston <matt@ucc.asn.au>	2017-05-20 23:39:01 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2017-05-20 23:39:01 +0800
commit	388c860fa18affa7674ed9d9cf1a7ee8afed1b25 (patch)
tree	410892dee6ffcf77fd24994755bfa754e62a79fd
parent	8c8e8bc29af3600719cbcf3d194f245f8fdb5256 (diff)
download	dropbear-388c860fa18affa7674ed9d9cf1a7ee8afed1b25.tar.gz