From: 2xsec Date: Thu, 18 Oct 2018 06:16:54 +0000 (+0900) Subject: string_utils: fix global buffer overflow issue X-Git-Tag: lxc-3.1.0~44^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cfde20f987262acaf5250bfd305691ebe303fd6;p=thirdparty%2Flxc.git string_utils: fix global buffer overflow issue Signed-off-by: 2xsec --- diff --git a/src/lxc/string_utils.c b/src/lxc/string_utils.c index fb46109b9..7bc99c428 100644 --- a/src/lxc/string_utils.c +++ b/src/lxc/string_utils.c @@ -784,24 +784,32 @@ char *must_make_path(const char *first, ...) char *cur, *dest; size_t full_len = strlen(first); size_t buf_len; + size_t cur_len; dest = must_copy_string(first); + cur_len = full_len; va_start(args, first); while ((cur = va_arg(args, char *)) != NULL) { - full_len += strlen(cur); + buf_len = strlen(cur); + + full_len += buf_len; if (cur[0] != '/') full_len++; - buf_len = full_len + 1; - dest = must_realloc(dest, buf_len); + dest = must_realloc(dest, full_len + 1); - if (cur[0] != '/') - (void)strlcat(dest, "/", buf_len); - (void)strlcat(dest, cur, buf_len); + if (cur[0] != '/') { + memcpy(dest + cur_len, "/", 1); + cur_len++; + } + + memcpy(dest + cur_len, cur, buf_len); + cur_len += buf_len; } va_end(args); + dest[cur_len] = '\0'; return dest; } @@ -812,23 +820,32 @@ char *must_append_path(char *first, ...) va_list args; char *dest = first; size_t buf_len; + size_t cur_len; full_len = strlen(first); + cur_len = full_len; + va_start(args, first); while ((cur = va_arg(args, char *)) != NULL) { - full_len += strlen(cur); + buf_len = strlen(cur); + + full_len += buf_len; if (cur[0] != '/') full_len++; - buf_len = full_len + 1; - dest = must_realloc(dest, buf_len); + dest = must_realloc(dest, full_len + 1); - if (cur[0] != '/') - (void)strlcat(dest, "/", buf_len); - (void)strlcat(dest, cur, buf_len); + if (cur[0] != '/') { + memcpy(dest + cur_len, "/", 1); + cur_len++; + } + + memcpy(dest + cur_len, cur, buf_len); + cur_len += buf_len; } va_end(args); + dest[cur_len] = '\0'; return dest; }