From: Tomas Mraz Date: Wed, 13 Oct 2021 07:00:31 +0000 (+0200) Subject: cmp.c: Avoid dereference with negative index and use memcpy X-Git-Tag: openssl-3.2.0-alpha1~3429 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=767db672c429aeb98a68b0e310dea15f1b48eb84;p=thirdparty%2Fopenssl.git cmp.c: Avoid dereference with negative index and use memcpy This prevents a compile-time warning on newer gcc. Also fix the related warning message. Fixes #16814 Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16821) --- diff --git a/apps/cmp.c b/apps/cmp.c index 170ac816f2a..b6e88e64f6d 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1989,7 +1989,7 @@ static void print_itavs(STACK_OF(OSSL_CMP_ITAV) *itavs) } static char opt_item[SECTION_NAME_MAX + 1]; -/* get previous name from a comma-separated list of names */ +/* get previous name from a comma or space-separated list of names */ static const char *prev_item(const char *opt, const char *end) { const char *beg; @@ -1998,19 +1998,28 @@ static const char *prev_item(const char *opt, const char *end) if (end == opt) return NULL; beg = end; - while (beg != opt && beg[-1] != ',' && !isspace(beg[-1])) - beg--; + while (beg > opt) { + --beg; + if (beg[0] == ',' || isspace(beg[0])) { + ++beg; + break; + } + } len = end - beg; if (len > SECTION_NAME_MAX) { - CMP_warn2("using only first %d characters of section name starting with \"%s\"", - SECTION_NAME_MAX, opt_item); + CMP_warn3("using only first %d characters of section name starting with \"%.*s\"", + SECTION_NAME_MAX, SECTION_NAME_MAX, beg); len = SECTION_NAME_MAX; } - strncpy(opt_item, beg, len); - opt_item[SECTION_NAME_MAX] = '\0'; /* avoid gcc v8 O3 stringop-truncation */ + memcpy(opt_item, beg, len); opt_item[len] = '\0'; - while (beg != opt && (beg[-1] == ',' || isspace(beg[-1]))) - beg--; + while (beg > opt) { + --beg; + if (beg[0] != ',' && !isspace(beg[0])) { + ++beg; + break; + } + } return beg; }