1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00

tree-wide: use memmem_safe()

Let's be paranoid and do something useful if we operate with empty
haystack/needle. This doesn't actually fix anything, as the places as
far as I can see check for non-emptyness already beforehand, but I will
sleep safer at night, if we don't even allow the trap to be fallen in,
ever, even if the code is changed sooner or later.
This commit is contained in:
Lennart Poettering 2021-08-10 14:39:57 +02:00
parent d8782cc5c2
commit e8b08edcdf
3 changed files with 13 additions and 12 deletions

View File

@ -163,7 +163,7 @@ static int get_file_version(int fd, char **v) {
if (!s)
goto finish;
e = memmem(s, st.st_size - (s - buf), " ####", 5);
e = memmem_safe(s, st.st_size - (s - buf), " ####", 5);
if (!e || e - s < 3) {
r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed version string.");
goto finish;

View File

@ -10,6 +10,7 @@
#include "escape.h"
#include "fd-util.h"
#include "io-util.h"
#include "memory-util.h"
#include "path-util.h"
#include "process-util.h"
#include "pull-common.h"
@ -342,18 +343,18 @@ static int verify_one(PullJob *checksum_job, PullJob *job) {
line = strjoina(job->checksum, " *", fn, "\n");
p = memmem(checksum_job->payload,
checksum_job->payload_size,
line,
strlen(line));
p = memmem_safe(checksum_job->payload,
checksum_job->payload_size,
line,
strlen(line));
if (!p) {
line = strjoina(job->checksum, " ", fn, "\n");
p = memmem(checksum_job->payload,
checksum_job->payload_size,
line,
strlen(line));
p = memmem_safe(checksum_job->payload,
checksum_job->payload_size,
line,
strlen(line));
}
if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n'))

View File

@ -173,12 +173,12 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
if (!d)
return 0;
e = memmem(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
e = memmem_safe(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
if (!e)
return 0;
if (b->accept_fd) {
f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
f = memmem_safe(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
if (!f)
return 0;
@ -399,7 +399,7 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
for (;;) {
/* Check if line is complete */
line = (char*) b->rbuffer + b->auth_rbegin;
e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
e = memmem_safe(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
if (!e)
return processed;