summaryrefslogtreecommitdiff
path: root/libudev/libudev-util.c
diff options
context:
space:
mode:
authorFlorian Zumbiehl <florz@florz.de>2009-09-01 12:54:21 +0200
committerKay Sievers <kay.sievers@vrfy.org>2009-09-01 12:54:21 +0200
commit8cfcf9980a3a7037a12a3052c38e4981cb0f0190 (patch)
treecac88db141b40e6077055b88b0651a9f88f1639b /libudev/libudev-util.c
parent06526049121495429757a5d2aa39189c30ca4aa7 (diff)
udev_util_encode_string(): fix possible buffer overflow
Diffstat (limited to 'libudev/libudev-util.c')
-rw-r--r--libudev/libudev-util.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/libudev/libudev-util.c b/libudev/libudev-util.c
index 38cfd7d0e6..9a656b5a98 100644
--- a/libudev/libudev-util.c
+++ b/libudev/libudev-util.c
@@ -448,28 +448,33 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len)
{
size_t i, j;
- if (str == NULL || str_enc == NULL || len == 0)
+ if (str == NULL || str_enc == NULL)
return -1;
- str_enc[0] = '\0';
for (i = 0, j = 0; str[i] != '\0'; i++) {
int seqlen;
seqlen = utf8_encoded_valid_unichar(&str[i]);
if (seqlen > 1) {
+ if (len-j < (size_t)seqlen)
+ goto err;
memcpy(&str_enc[j], &str[i], seqlen);
j += seqlen;
i += (seqlen-1);
} else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) {
+ if (len-j < 4)
+ goto err;
sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]);
j += 4;
} else {
+ if (len-j < 1)
+ goto err;
str_enc[j] = str[i];
j++;
}
- if (j+3 >= len)
- goto err;
}
+ if (len-j < 1)
+ goto err;
str_enc[j] = '\0';
return 0;
err: