Make BUF_strndup() read-safe on arbitrary inputs
author    Alessandro Ghedini <alessandro@ghedini.me>
          Wed, 16 Sep 2015 15:54:05 +0000 (17:54 +0200)
committer Emilia Kasper <emilia@openssl.org>
          Tue, 22 Sep 2015 18:03:57 +0000 (20:03 +0200)
commit    f61216ba9d17430fb5eb3e2b202a209960b9d51b
tree      c82ad8f99402f83390c90626fde53c7f89fae2a1
parent    c038e6b50497a4c63044a509e925a6eebff3e747
Make BUF_strndup() read-safe on arbitrary inputs

BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
crypto/buffer/buf_str.c
crypto/buffer/buffer.h
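The contract described in the commit message (never read more than `siz` input bytes, and refuse a `siz` whose `+ 1` would wrap) can be illustrated with a small stand-alone function. The code below is an added example written for this page; it is not OpenSSL's `BUF_strndup()` implementation and the names `naive_strndup`, `safe_strndup`, `dup_equals`, `copied_len` and `demo_unterminated` are hypothetical. The "before" variant shows the defect the commit describes: it finds the length with `strlen()`, so on a buffer that is not NUL-terminated it reads past the end. The "after" variant bounds the scan with `memchr()`, so it touches at most `siz` bytes no matter what the input looks like.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* "Before" shape (hypothetical, for contrast only): the length comes from
 * strlen(), which keeps reading until it finds a NUL.  If the caller passes
 * a buffer of siz bytes with no terminator, this reads out of bounds even
 * though the copy itself is limited to siz bytes.  Only ever call this on a
 * proper C string. */
char *naive_strndup(const char *str, size_t siz)
{
    size_t len = strlen(str);            /* unbounded read */
    char *ret;

    if (len > siz)
        len = siz;
    ret = malloc(len + 1);
    if (ret == NULL)
        return NULL;
    memcpy(ret, str, len);
    ret[len] = '\0';
    return ret;
}

/* "After" shape (hypothetical name): never reads more than siz input bytes.
 * The NUL search is bounded by memchr(), and siz == SIZE_MAX is rejected so
 * that len + 1 below can never wrap to zero. */
char *safe_strndup(const char *str, size_t siz)
{
    const char *nul;
    size_t len;
    char *ret;

    if (str == NULL)
        return NULL;
    if (siz == SIZE_MAX)                 /* siz + 1 would overflow */
        return NULL;
    nul = memchr(str, '\0', siz);        /* reads at most siz bytes */
    len = nul != NULL ? (size_t)(nul - str) : siz;
    ret = malloc(len + 1);
    if (ret == NULL)
        return NULL;
    memcpy(ret, str, len);
    ret[len] = '\0';
    return ret;
}

/* Helper: 1 if safe_strndup(str, siz) yields exactly `expect`, else 0. */
int dup_equals(const char *str, size_t siz, const char *expect)
{
    char *copy = safe_strndup(str, siz);
    int ok;

    if (copy == NULL)
        return 0;
    ok = strcmp(copy, expect) == 0;
    free(copy);
    return ok;
}

/* Helper: length of the copy, or (size_t)-1 when the call is refused. */
size_t copied_len(const char *str, size_t siz)
{
    char *copy = safe_strndup(str, siz);
    size_t len;

    if (copy == NULL)
        return (size_t)-1;
    len = strlen(copy);
    free(copy);
    return len;
}

/* The case the commit message is about: a constructed 4-byte buffer with no
 * terminating NUL.  safe_strndup() stops at siz; naive_strndup() on this
 * input would read past the array (visible under ASan/Valgrind). */
size_t demo_unterminated(void)
{
    char buf[4] = { 'a', 'b', 'c', 'd' };   /* constructed, not a C string */
    return copied_len(buf, sizeof(buf));    /* 4, read-safe */
}

int main(void)
{
    printf("unterminated 4-byte buffer copied as %zu bytes\n", demo_unterminated());
    printf("early NUL honoured: %d\n", dup_equals("ab\0cd", 5, "ab"));
    printf("SIZE_MAX refused: %d\n", safe_strndup("x", SIZE_MAX) == NULL);
    return 0;
}
```

Running the two variants under AddressSanitizer with an unterminated buffer makes the difference concrete: the `memchr()` version stays within `siz` bytes, whereas the `strlen()` version is reported for a read beyond the allocation. The `siz == SIZE_MAX` check is the overflow guard the commit message mentions; without it `len + 1` could become zero and `malloc(0)` followed by `ret[len] = '\0'` would write out of bounds.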