Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/common/lib/libc/string Avoid out-of-bounds reads



details:   https://anonhg.NetBSD.org/src/rev/944981269d59
branches:  trunk
changeset: 994022:944981269d59
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Oct 15 18:37:19 2018 +0000

description:
Avoid out-of-bounds reads
https://www.openwall.com/lists/musl/2017/06/29/6
XXX: pullup-8

diffstat:

 common/lib/libc/string/memmem.c |  38 +++++++++++++++++++++-----------------
 1 files changed, 21 insertions(+), 17 deletions(-)

diffs (62 lines):

diff -r 8d21b01fe381 -r 944981269d59 common/lib/libc/string/memmem.c
--- a/common/lib/libc/string/memmem.c   Mon Oct 15 17:55:28 2018 +0000
+++ b/common/lib/libc/string/memmem.c   Mon Oct 15 18:37:19 2018 +0000
@@ -25,7 +25,7 @@
 #if 0
 __FBSDID("$FreeBSD: head/lib/libc/string/memmem.c 315468 2017-03-18 00:53:24Z emaste $");
 #else
-__RCSID("$NetBSD: memmem.c,v 1.1 2018/07/08 17:53:12 christos Exp $");
+__RCSID("$NetBSD: memmem.c,v 1.2 2018/10/15 18:37:19 christos Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -36,29 +36,33 @@
 #include <lib/libkern/libkern.h>
 #endif 
 
-static char *twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *twobyte_memmem(const unsigned char *h, size_t k,
+    const unsigned char *n)
 {
-       uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
-       for (h++, k--; k; k--, hw = hw<<8 | *++h)
-               if (hw == nw) return __UNCONST(h-1);
-       return 0;
+       uint16_t nw = n[0] << 8 | n[1], hw = h[0] << 8 | h[1];
+       for (h += 2, k -= 2; k; k--, hw = hw << 8 | *++h)
+               if (hw == nw) return __UNCONST(h - 2);
+       return hw == nw ? __UNCONST(h - 2) : 0;
 }
 
-static char *threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *threebyte_memmem(const unsigned char *h, size_t k,
+    const unsigned char *n)
 {
-       uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
-       uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
-       for (h+=2, k-=2; k; k--, hw = (hw|*++h)<<8)
-               if (hw == nw) return __UNCONST(h-2);
-       return 0;
+       uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8;
+       uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8;
+       for (h += 3, k -= 3; k; k--, hw = (hw|*++h) << 8)
+               if (hw == nw) return __UNCONST(h - 3);
+       return hw == nw ? __UNCONST(h - 3) : 0;
 }
 
-static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+static char *fourbyte_memmem(const unsigned char *h, size_t k,
+    const unsigned char *n)
 {
-       uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
-       uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
-       for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
-               if (hw == nw) return __UNCONST(h-3);
+       uint32_t nw = n[0] << 24 | n[1] << 16 | n[2] << 8 | n[3];
+       uint32_t hw = h[0] << 24 | h[1] << 16 | h[2] << 8 | h[3];
+       for (h += 4, k -= 4; k; k--, hw = hw << 8 | *++h)
+               if (hw == nw) return __UNCONST(h - 4);
+       return hw == nw ? __UNCONST(h - 4) : 0;
        return 0;
 }
 



Home | Main Index | Thread Index | Old Index