diff options
author | Havoc Pennington <hp@localhost.localdomain> | 2007-10-31 13:58:28 -0400 |
---|---|---|
committer | Havoc Pennington <hp@localhost.localdomain> | 2007-10-31 13:58:28 -0400 |
commit | bef4260ad58bc9eb75e2e1a52ad9b49bc3c70fa5 (patch) | |
tree | a1cabf96f8f525936ebdc1ab88100b5598fd397f /dbus/dbus-string.c | |
parent | 5340b8de0b537380e0c445495300739d75abeb2f (diff) |
Fix a problem where a nul byte was wrongly introduced into UUIDs, due to _dbus_string_copy_to_buffer weird behavior.
2007-10-31 Havoc Pennington <hp@redhat.com>
* bus/selinux.c (log_audit_callback): rewrite to use
_dbus_string_copy_to_buffer_with_nul()
* dbus/dbus-string.c (_dbus_string_copy_to_buffer): change to NOT
nul-terminate the buffer; fail an assertion if there is not enough
space in the target buffer. This fixes two bugs where
copy_to_buffer was used to copy the binary bytes in a UUID, where
nul termination did not make sense. Bug reported by David Castelow.
(_dbus_string_copy_to_buffer_with_nul): new function that always
nul-terminates the buffer, and fails an assertion if there is not
enough space in the buffer.
Diffstat (limited to 'dbus/dbus-string.c')
-rw-r--r-- | dbus/dbus-string.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c index 000b4f64..cb108a8d 100644 --- a/dbus/dbus-string.c +++ b/dbus/dbus-string.c @@ -741,8 +741,9 @@ _dbus_string_copy_data (const DBusString *str, } /** - * Copies the contents of a DBusString into a different - * buffer. The resulting buffer will be nul-terminated. + * Copies the contents of a DBusString into a different buffer. It is + * a bug if avail_len is too short to hold the string contents. nul + * termination is not copied, just the supplied bytes. * * @param str a string * @param buffer a C buffer to copy data to @@ -753,15 +754,34 @@ _dbus_string_copy_to_buffer (const DBusString *str, char *buffer, int avail_len) { - int copy_len; DBUS_CONST_STRING_PREAMBLE (str); _dbus_assert (avail_len >= 0); + _dbus_assert (avail_len >= real->len); + + memcpy (buffer, real->str, real->len); +} + +/** + * Copies the contents of a DBusString into a different buffer. It is + * a bug if avail_len is too short to hold the string contents plus a + * nul byte. + * + * @param str a string + * @param buffer a C buffer to copy data to + * @param avail_len maximum length of C buffer + */ +void +_dbus_string_copy_to_buffer_with_nul (const DBusString *str, + char *buffer, + int avail_len) +{ + DBUS_CONST_STRING_PREAMBLE (str); - copy_len = MIN (avail_len, real->len+1); - memcpy (buffer, real->str, copy_len); - if (avail_len > 0 && avail_len == copy_len) - buffer[avail_len-1] = '\0'; + _dbus_assert (avail_len >= 0); + _dbus_assert (avail_len > real->len); + + memcpy (buffer, real->str, real->len+1); } #ifdef DBUS_BUILD_TESTS |