lib/string_helpers: rework overflow-dependent code

When @size is 0, the desired behavior is to allow unlimited bytes to be
parsed. Currently, this relies on some intentional arithmetic overflow
where --size gives us SIZE_MAX when size is 0.

Explicitly spell out the desired behavior without relying on intentional
overflow/underflow.

Signed-off-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20240808-b4-string_helpers_caa133-v1-1-686a455167c4@google.com
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/lib/string_helpers.c b/lib/string_helpers.c
index 69ba49b853c7755291886a2bff918fe0ffc4edaf..4f887aa62fa0cdf0cfe54647def5f84dd1a630ee 100644 (file)
--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -321,6 +321,9 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
 {
        char *out = dst;
 
+       if (!size)
+               size = SIZE_MAX;
+
        while (*src && --size) {
                if (src[0] == '\\' && src[1] != '\0' && size > 1) {
                        src++;