core_rpc_server: fix overreads in slow_memmem
It would read data outside the allocated space in a couple of cases.
parent
2c739371ac
commit
add803be89
|
@ -398,17 +398,19 @@ namespace cryptonote
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
//------------------------------------------------------------------------------------------------------------------------------
|
//------------------------------------------------------------------------------------------------------------------------------
|
||||||
uint64_t slow_memmem(void* start_buff, size_t buflen,void* pat,size_t patlen)
|
// equivalent of strstr, but with arbitrary bytes (ie, NULs)
|
||||||
|
// This does not differentiate between "not found" and "found at offset 0"
|
||||||
|
uint64_t slow_memmem(const void* start_buff, size_t buflen,const void* pat,size_t patlen)
|
||||||
{
|
{
|
||||||
void* buf = start_buff;
|
const void* buf = start_buff;
|
||||||
void* end=(char*)buf+buflen-patlen;
|
const void* end=(const char*)buf+buflen;
|
||||||
while((buf=memchr(buf,((char*)pat)[0],buflen)))
|
if (patlen > buflen || patlen == 0) return 0;
|
||||||
|
while(buflen>0 && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))
|
||||||
{
|
{
|
||||||
if(buf>end)
|
|
||||||
return 0;
|
|
||||||
if(memcmp(buf,pat,patlen)==0)
|
if(memcmp(buf,pat,patlen)==0)
|
||||||
return (char*)buf - (char*)start_buff;
|
return (const char*)buf - (const char*)start_buff;
|
||||||
buf=(char*)buf+1;
|
buf=(const char*)buf+1;
|
||||||
|
buflen = (const char*)end - (const char*)buf;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
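Review bot: The `buflen-patlen+1` length passed to memchr in the new while condition is unsigned arithmetic that stays in bounds only because of an invariant the code does not state. The early return guarantees `patlen <= buflen` on entry, and each memchr hit lies at most `buflen-patlen` bytes past `buf`, so after `buf+1` the recomputed `buflen` is never below `patlen-1`. I would record that above the loop, for example `// invariant: buflen + 1 >= patlen here, so buflen-patlen+1 cannot wrap and memchr stays inside [start_buff, end)`, so that a later reordering of the guard or the `buflen` update does not silently reintroduce the overread. Separately, the added comment notes that a match at offset 0 is indistinguishable from a miss; the callers are outside this hunk, so it is worth confirming that none of them treats a 0 return as "pattern absent" for input that can legitimately begin with the pattern.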