1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From d6601f0af0452b218d247cb47513fc9cd6bbf2e2 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Sun, 29 Jan 2017 11:24:20 -0500
Subject: [PATCH] avoid unbounded strlen in gettext functions
use the standard strnlen idiom for cases where lengths greater than an
imposed limit are going to be rejected immediately anyway.
---
src/locale/dcngettext.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/locale/dcngettext.c b/src/locale/dcngettext.c
index 73a9fd70..b68e24bc 100644
--- a/src/locale/dcngettext.c
+++ b/src/locale/dcngettext.c
@@ -40,8 +40,8 @@ char *bindtextdomain(const char *domainname, const char *dirname)
if (!domainname) return 0;
if (!dirname) return gettextdir(domainname, &(size_t){0});
- size_t domlen = strlen(domainname);
- size_t dirlen = strlen(dirname);
+ size_t domlen = strnlen(domainname, NAME_MAX+1);
+ size_t dirlen = strnlen(dirname, PATH_MAX);
if (domlen > NAME_MAX || dirlen >= PATH_MAX) {
errno = EINVAL;
return 0;
@@ -127,7 +127,7 @@ char *dcngettext(const char *domainname, const char *msgid1, const char *msgid2,
if (!domainname) domainname = __gettextdomain();
- domlen = strlen(domainname);
+ domlen = strnlen(domainname, NAME_MAX+1);
if (domlen > NAME_MAX) goto notrans;
dirname = gettextdir(domainname, &dirlen);
--
2.11.1
|
