Commit
b311e98b ("pppd: Limit memory accessed by string formats with
max length specified") added calls to strnlen() in vslprintf().
Unfortunately, strnlen() is not provided in some standard C libraries.
This changes the code to avoid using strnlen(). Using the observation
that the number of characters we can use from the input string is
bounded by buflen, the number of bytes of output buffer available,
we can also avoid doing strlen() on a potentially long string.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
u_int32_t ip;
static char hexchars[] = "0123456789abcdef";
struct buffer_info bufinfo;
+ int termch;
buf0 = buf;
--buflen;
p = (unsigned char *)"<NULL>";
if (fillch == '0' && prec >= 0) {
n = prec;
+ termch = -1; /* matches no unsigned char value */
} else {
- if (prec == -1)
- n = strlen((char *)p);
- else
- n = strnlen((char *)p, prec);
+ n = buflen;
+ if (prec != -1 && n > prec)
+ n = prec;
+ termch = 0; /* stop on null byte */
}
while (n > 0 && buflen > 0) {
c = *p++;
+ if (c == termch)
+ break;
--n;
if (!quoted && c >= 0x80) {
OUTCHAR('M');
}
len = num + sizeof(num) - 1 - str;
} else {
- if (prec == -1)
- len = strlen(str);
- else
- len = strnlen(str, prec);
+ for (len = 0; len < buflen && (prec == -1 || len < prec); ++len)
+ if (str[len] == 0)
+ break;
}
if (width > 0) {
if (width > buflen)