Make BUF_strndup() read-safe on arbitrary inputs
author Alessandro Ghedini <alessandro@ghedini.me>
Wed, 16 Sep 2015 15:54:05 +0000 (17:54 +0200)
committer Emilia Kasper <emilia@openssl.org>
Tue, 22 Sep 2015 17:50:53 +0000 (19:50 +0200)
commit 110f7b37de9feecfb64950601cc7cec77cf6130b
tree eb27f7cd046f401ccfbd97132c84240f231b00e3
parent db9defdfe306e1adf0af7188b187d535eb0268da
Make BUF_strndup() read-safe on arbitrary inputs

BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/buffer/buf_str.c
include/openssl/buffer.h
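The contract the commit message describes, shown as an added C example rather than OpenSSL's own code: a bounded duplicate that inspects at most siz bytes of its input (so a buffer with no terminating NUL is handled without an over-read) and that rejects a siz for which the siz + 1 allocation would wrap. The function names bounded_strndup, naive_strndup and copies_exactly, and the UNTERMINATED sample buffer, are this example's own, not identifiers from the commit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern the commit fixes: sizing the copy with strlen() (which is what
 * an strlcpy-style copy does internally) reads the input until a NUL byte is
 * found, however small siz is. That is only well-defined when str is a real
 * C string. Kept here for contrast only; not the commit's code. */
char *naive_strndup(const char *str, size_t siz)
{
    size_t len = strlen(str);          /* unbounded read of str */
    char *ret;

    if (len > siz)
        len = siz;
    ret = malloc(len + 1);
    if (ret == NULL)
        return NULL;
    memcpy(ret, str, len);
    ret[len] = '\0';
    return ret;
}

/* Hardened form (hypothetical, not OpenSSL's implementation): never reads
 * more than siz bytes of str, and checks that siz + 1 cannot overflow. */
char *bounded_strndup(const char *str, size_t siz)
{
    const char *nul;
    size_t len;
    char *ret;

    if (str == NULL)
        return NULL;
    /* We need siz + 1 bytes for the terminator; refuse if that would wrap. */
    if (siz == SIZE_MAX)
        return NULL;
    /* memchr() is bounded by siz: this replaces the unbounded strlen(). */
    nul = memchr(str, '\0', siz);
    len = (nul != NULL) ? (size_t)(nul - str) : siz;

    ret = malloc(len + 1);
    if (ret == NULL)
        return NULL;
    memcpy(ret, str, len);
    ret[len] = '\0';
    return ret;
}

/* Constructed sample: four bytes with no terminating NUL anywhere. Passing
 * this to strlen() would read past the array. */
const char UNTERMINATED[4] = { 'a', 'b', 'c', 'd' };

/* Helper: duplicate (in, siz) with bounded_strndup and check the result
 * equals expect. Returns 1 on success, 0 otherwise. */
int copies_exactly(const char *in, size_t siz, const char *expect)
{
    char *dup = bounded_strndup(in, siz);
    int ok;

    if (dup == NULL)
        return 0;
    ok = (strcmp(dup, expect) == 0);
    free(dup);
    return ok;
}

int main(void)
{
    /* Unterminated input: only sizeof(UNTERMINATED) bytes are inspected. */
    printf("unterminated -> %s\n",
           copies_exactly(UNTERMINATED, sizeof(UNTERMINATED), "abcd") ? "ok" : "FAIL");
    /* Truncation at siz on an ordinary C string. */
    printf("truncate     -> %s\n", copies_exactly("hello", 3, "hel") ? "ok" : "FAIL");
    /* siz larger than the string: stops at the NUL. */
    printf("short string -> %s\n", copies_exactly("hi", 10, "hi") ? "ok" : "FAIL");
    /* siz + 1 would wrap: refused instead of allocating 0 bytes. */
    printf("overflow     -> %s\n", bounded_strndup("x", SIZE_MAX) == NULL ? "ok" : "FAIL");
    return 0;
}
```

The only difference that matters is the bounded memchr() in place of strlen(): the copy length is derived from at most siz bytes, so the caller's stated size is the contract, not the presence of a NUL byte somewhere beyond it.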