Yup. Done and checked in.
[ I'm checking usage right now to ensure people don't depend on that... ]
Cheers,
-g
On Sun, Feb 11, 2001 at 04:32:19PM +0000, Ben Laurie wrote:
> Hmmm. Actually, this could improve its efficiency by only allocating
> len+1 bytes if len < n. Should we do that?
>
> Cheers,
>
> Ben.
>
> [EMAIL PROTECTED] wrote:
> >
> > ben 01/02/11 08:25:08
> >
> > Modified: strings apr_strings.c
> > Log:
> > ap_pstrndup could have caused out-of-bounds memory accesses (this is a
> > theoretical problem that I happened to notice). Only lightly tested.
> >
> > Revision Changes Path
> > 1.9 +7 -2 apr/strings/apr_strings.c
> >
> > Index: apr_strings.c
> > ===================================================================
> > RCS file: /home/cvs/apr/strings/apr_strings.c,v
> > retrieving revision 1.8
> > retrieving revision 1.9
> > diff -u -r1.8 -r1.9
> > --- apr_strings.c 2001/02/11 16:18:09 1.8
> > +++ apr_strings.c 2001/02/11 16:25:07 1.9
> > @@ -83,13 +83,18 @@
> > APR_DECLARE(char *) apr_pstrndup(apr_pool_t *a, const char *s,
> > apr_size_t n)
> > {
> > char *res;
> > + size_t len;
> >
> > if (s == NULL) {
> > return NULL;
> > }
> > res = apr_palloc(a, n + 1);
> > - memcpy(res, s, n);
> > - res[n] = '\0';
> > + len = strlen(s);
> > + if(len > n) {
> > + memcpy(res, s, n);
> > + res[n] = '\0';
> > + } else
> > + memcpy(res, s, len+1);
> > return res;
> > }
> >
> >
> >
> >
>
> --
> http://www.apache-ssl.org/ben.html
>
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
--
Greg Stein, http://www.lyra.org/
