rsrv: avoid strlen() on possible unterminated strings
Detect these without risking a SIGSEGV.
committed by
Michael Davidsaver
parent
746c739769
commit
428268a71e
@@ -21,6 +21,7 @@
|
||||
|
||||
#include "osiSock.h"
|
||||
#include "osiPoolStatus.h"
|
||||
#include "epicsString.h"
|
||||
#include "epicsEvent.h"
|
||||
#include "epicsStdio.h"
|
||||
#include "epicsThread.h"
|
||||
@@ -708,7 +709,7 @@ static int read_action ( caHdrLargeArray *mp, void *pPayloadIn, struct client *p
|
||||
*/
|
||||
if ( mp->m_dataType == DBR_STRING && mp->m_count == 1 ) {
|
||||
char * pStr = (char *) pPayload;
|
||||
size_t strcnt = strlen ( pStr );
|
||||
size_t strcnt = epicsStrnLen( pStr, payloadSize );
|
||||
if ( strcnt < payloadSize ) {
|
||||
payloadSize = ( ca_uint32_t ) ( strcnt + 1u );
|
||||
}
|
||||
@@ -843,7 +844,7 @@ static int write_action ( caHdrLargeArray *mp,
|
||||
static int host_name_action ( caHdrLargeArray *mp, void *pPayload,
|
||||
struct client *client )
|
||||
{
|
||||
unsigned size;
|
||||
ca_uint32_t size;
|
||||
char *pName;
|
||||
char *pMalloc;
|
||||
int chanCount;
|
||||
@@ -867,8 +868,8 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload,
|
||||
}
|
||||
|
||||
pName = (char *) pPayload;
|
||||
size = strlen(pName)+1;
|
||||
if (size > 512) {
|
||||
size = epicsStrnLen(pName, mp->m_postsize)+1;
|
||||
if (size > 512 || size > mp->m_postsize) {
|
||||
log_header ( "bad (very long) host name",
|
||||
client, mp, pPayload, 0 );
|
||||
SEND_LOCK(client);
|
||||
@@ -922,7 +923,7 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload,
|
||||
static int client_name_action ( caHdrLargeArray *mp, void *pPayload,
|
||||
struct client *client )
|
||||
{
|
||||
unsigned size;
|
||||
ca_uint32_t size;
|
||||
char *pName;
|
||||
char *pMalloc;
|
||||
int chanCount;
|
||||
@@ -946,8 +947,8 @@ static int client_name_action ( caHdrLargeArray *mp, void *pPayload,
|
||||
}
|
||||
|
||||
pName = (char *) pPayload;
|
||||
size = strlen(pName)+1;
|
||||
if (size > 512) {
|
||||
size = epicsStrnLen(pName, mp->m_postsize)+1;
|
||||
if (size > 512 || size > mp->m_postsize) {
|
||||
log_header ("a very long user name was specified",
|
||||
client, mp, pPayload, 0);
|
||||
SEND_LOCK(client);
|
||||
|
||||
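Review bot: The rejection branch `if (size > 512 || size > mp->m_postsize)` in host_name_action, and the identical one in client_name_action, now also catches names with no terminator inside the payload, yet it still passes `pPayload` to `log_header` and reports only "bad (very long) host name" / "a very long user name was specified". log_header is not visible on this page; if it formats the payload as a C string, the unbounded read this commit removes would return on the error path, so that should be confirmed, and a distinct message for the unterminated case would let malformed requests be told apart from merely long names in the logs. Separately, `epicsStrnLen(...)+1` is narrowed into `ca_uint32_t size` before the comparison; checking the `size_t` result first, `size_t len = epicsStrnLen(pName, mp->m_postsize); if (len >= 512 || len >= mp->m_postsize) {`, avoids depending on that narrowing. Both functions start and end outside the hunks shown.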