From: trinity-1686a <trinity@deuxfleurs.fr>
Date: Wed, 15 Nov 2023 01:01:34 +0000 (+0100)
Subject: add sanity check in tor_memmem
X-Git-Tag: tor-0.4.9.1-alpha~70^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f2ddfdd50e52f9a6aa4afafccb5ad5e04f79e2cc;p=thirdparty%2Ftor.git

add sanity check in tor_memmem

it's believed most libc already have those, but just in case, it can't
hurt
---

diff --git a/src/lib/string/util_string.c b/src/lib/string/util_string.c
index b1c0a11439..60b5933e4d 100644
--- a/src/lib/string/util_string.c
+++ b/src/lib/string/util_string.c
@@ -31,6 +31,8 @@ tor_memmem(const void *_haystack, size_t hlen,
 {
 #if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2)
   raw_assert(nlen);
+  if (nlen > hlen)
+    return NULL;
   return memmem(_haystack, hlen, _needle, nlen);
 #else
   /* This isn't as fast as the GLIBC implementation, but it doesn't need to