1 | From 36c6d268cb190282a2c17106acfd31863121b58e Mon Sep 17 00:00:00 2001 |
2 | From: Frank Denis <github@pureftpd.org> | |
3 | Date: Mon, 24 Feb 2020 15:19:43 +0100 | |
4 | Subject: [PATCH] pure_strcmp(): len(s2) can be > len(s1) | |
5 | ||
6 | Reported by Antonio Morales from GitHub Security Labs, thanks! | |
7 | --- | |
8 | src/utils.c | 8 +++++++- | |
9 | 1 file changed, 7 insertions(+), 1 deletion(-) | |
10 | ||
11 | diff --git a/src/utils.c b/src/utils.c | |
12 | index f41492d..a7f0381 100644 | |
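--- a/src/utils.c
+++ b/src/utils.c
@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
 
 int pure_strcmp(const char * const s1, const char * const s2)
 {
- return pure_memcmp(s1, s2, strlen(s1) + 1U);
+ const size_t s1_len = strlen(s1);
+ const size_t s2_len = strlen(s2);
+
+ if (s1_len != s2_len) {
+ return -1;
+ }
+ return pure_memcmp(s1, s2, s1_len);
 }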
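Review bot: The length-mismatch branch in pure_strcmp() returns a fixed -1, so the result only distinguishes equal from not-equal and its sign carries no ordering; callers expecting strcmp() semantics could misuse it, and that contract is not stated anywhere in the hunk. The early return and the two strlen() calls also make the running time depend on the string lengths, which matters if pure_memcmp() is meant to be a constant-time comparison; its body is outside this hunk, so that is an assumption to confirm. I would add a comment above the function such as `/* Returns 0 iff s1 and s2 are equal, non-zero otherwise (not an ordering); string lengths are not hidden from timing. */`. Both arguments must be non-NULL, NUL-terminated strings, because strlen() is called on each unconditionally, and that precondition belongs in the same comment.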