[packages/pure-ftpd.git] / pure-ftpd-1.0.49-pure_strcmp_OOB_read.patch

From 36c6d268cb190282a2c17106acfd31863121b58e Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 24 Feb 2020 15:19:43 +0100
Subject: [PATCH] pure_strcmp(): len(s2) can be > len(s1)

Reported by Antonio Morales from GitHub Security Labs, thanks!
---
 src/utils.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/utils.c b/src/utils.c
index f41492d..a7f0381 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
 
 int pure_strcmp(const char * const s1, const char * const s2)
 {
-    return pure_memcmp(s1, s2, strlen(s1) + 1U);
+    const size_t s1_len = strlen(s1);
+    const size_t s2_len = strlen(s2);
+
+    if (s1_len != s2_len) {
+        return -1;
+    }
+    return pure_memcmp(s1, s2, s1_len);
 }
Commit	Line	Data
d93fa11a AM	1	From 36c6d268cb190282a2c17106acfd31863121b58e Mon Sep 17 00:00:00 2001
	2	From: Frank Denis <github@pureftpd.org>
	3	Date: Mon, 24 Feb 2020 15:19:43 +0100
	4	Subject: [PATCH] pure_strcmp(): len(s2) can be > len(s1)
	5
	6	Reported by Antonio Morales from GitHub Security Labs, thanks!
	7	---
	8	src/utils.c \| 8 +++++++-
	9	1 file changed, 7 insertions(+), 1 deletion(-)
	10
	11	diff --git a/src/utils.c b/src/utils.c
	12	index f41492d..a7f0381 100644
	13	--- a/src/utils.c
	14	+++ b/src/utils.c
	15	@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
	16
	17	int pure_strcmp(const char * const s1, const char * const s2)
	18	{
	19	- return pure_memcmp(s1, s2, strlen(s1) + 1U);
	20	+ const size_t s1_len = strlen(s1);
	21	+ const size_t s2_len = strlen(s2);
	22	+
	23	+ if (s1_len != s2_len) {
	24	+ return -1;
	25	+ }
	26	+ return pure_memcmp(s1, s2, s1_len);
	27	}