diff options
author | Florian Zumbiehl <florz@florz.de> | 2009-09-01 12:54:21 +0200 |
---|---|---|
committer | Kay Sievers <kay.sievers@vrfy.org> | 2009-09-01 12:54:21 +0200 |
commit | 8cfcf9980a3a7037a12a3052c38e4981cb0f0190 (patch) | |
tree | cac88db141b40e6077055b88b0651a9f88f1639b /libudev/libudev-util.c | |
parent | 06526049121495429757a5d2aa39189c30ca4aa7 (diff) |
udev_util_encode_string(): fix possible buffer overflow
Diffstat (limited to 'libudev/libudev-util.c')
-rw-r--r-- | libudev/libudev-util.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/libudev/libudev-util.c b/libudev/libudev-util.c index 38cfd7d0e6..9a656b5a98 100644 --- a/libudev/libudev-util.c +++ b/libudev/libudev-util.c @@ -448,28 +448,33 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len) { size_t i, j; - if (str == NULL || str_enc == NULL || len == 0) + if (str == NULL || str_enc == NULL) return -1; - str_enc[0] = '\0'; for (i = 0, j = 0; str[i] != '\0'; i++) { int seqlen; seqlen = utf8_encoded_valid_unichar(&str[i]); if (seqlen > 1) { + if (len-j < (size_t)seqlen) + goto err; memcpy(&str_enc[j], &str[i], seqlen); j += seqlen; i += (seqlen-1); } else if (str[i] == '\\' || !is_whitelisted(str[i], NULL)) { + if (len-j < 4) + goto err; sprintf(&str_enc[j], "\\x%02x", (unsigned char) str[i]); j += 4; } else { + if (len-j < 1) + goto err; str_enc[j] = str[i]; j++; } - if (j+3 >= len) - goto err; } + if (len-j < 1) + goto err; str_enc[j] = '\0'; return 0; err: |