authorThomas Haller <thaller@redhat.com>2023-07-28 09:24:26 (GMT)
committerThomas Haller <thaller@redhat.com>2023-07-28 10:31:20 (GMT)
commitca34ad524ec7a9f0e24bb5975b178a3e70268f0f (patch)
tree5b4c5165344c68181ef852fea6678f2c887b026c
parent859b89dc567a60007151037bb2eb0cccbfca1f8c (diff)
lib: handle negative and zero size in nla_memcpy()
A negative count is a bug in the caller. Still, handle it better than just crashing. Maybe we should assert, but it doesn't seem best to assert against user input. Also, if count is zero, don't call memcpy(). Calling memcpy() requires that the source and destination pointers are valid, otherwise it's undefined behavior. I think if the caller tells us to copy zero bytes, we should never look at the destination pointer.
-rw-r--r--lib/attr.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/attr.c b/lib/attr.c
index d919811..85a11e7 100644
--- a/lib/attr.c
+++ b/lib/attr.c
@@ -349,10 +349,13 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
if (!src)
return 0;
-
+
minlen = _NL_MIN(count, nla_len(src));
- memcpy(dest, nla_data(src), minlen);
+ if (minlen <= 0)
+ return 0;
+
+ memcpy(dest, nla_data(src), minlen);
return minlen;
}
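Review bot: The new early return at `if (minlen <= 0) return 0;` leaves `dest` completely unwritten, and nothing visible in the hunk documents that for callers. A caller that passes an uninitialised buffer or struct and ignores the return value would read indeterminate memory whenever the attribute payload is empty, `count` is not positive, or (presumably) nla_len() yields a negative value for a malformed attribute header. I would state this in the function's doc comment, e.g. `@return Number of bytes copied, or 0 if src is NULL or nothing could be copied; dest is not written in that case.`, and add that callers must compare the result with the size they expect before using `dest`. The doc comment and the declaration of `minlen` sit above the hunk, so the existing wording could not be checked from here.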