core_rpc_server: fix overreads in slow_memmem

It would read data outside the allocated space in a couple cases.
moneromooo-monero 2014-10-06 10:27:34 +01:00
parent 2c739371ac
commit add803be89
No known key found for this signature in database
GPG Key ID: 686F07454D6CEFC3
1 changed files with 10 additions and 8 deletions


@ -398,17 +398,19 @@ namespace cryptonote
return true; return true;
} }
//------------------------------------------------------------------------------------------------------------------------------ //------------------------------------------------------------------------------------------------------------------------------
uint64_t slow_memmem(void* start_buff, size_t buflen,void* pat,size_t patlen) // equivalent of strstr, but with arbitrary bytes (ie, NULs)
// This does not differentiate between "not found" and "found at offset 0"
uint64_t slow_memmem(const void* start_buff, size_t buflen,const void* pat,size_t patlen)
{ {
void* buf = start_buff; const void* buf = start_buff;
void* end=(char*)buf+buflen-patlen; const void* end=(const char*)buf+buflen;
while((buf=memchr(buf,((char*)pat)[0],buflen))) if (patlen > buflen || patlen == 0) return 0;
while(buflen>0 && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))
{ {
if(buf>end)
return 0;
if(memcmp(buf,pat,patlen)==0) if(memcmp(buf,pat,patlen)==0)
return (char*)buf - (char*)start_buff; return (const char*)buf - (const char*)start_buff;
buf=(char*)buf+1; buf=(const char*)buf+1;
buflen = (const char*)end - (const char*)buf;
} }
return 0; return 0;
} }
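Review bot: The `buflen-patlen+1` length passed to memchr in the new `while` condition cannot wrap only because of an invariant the code never states: each hit lies at most `buflen-patlen` bytes into the remaining buffer, so after `buf+1` the recomputed `buflen` is never below `patlen-1`. Because `buflen` is a `size_t`, any later edit that breaks that invariant would turn the bound into a huge value and bring back the out-of-bounds read this commit removes. Testing the remaining length directly, `while(buflen>=patlen && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))`, makes the no-wrap condition explicit and behaves the same for the inputs that the early `patlen > buflen || patlen == 0` return lets through.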