epics/pcas
0
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity

Fix buffer overflow in epicsStrnRawFromEscaped

Browse Source 
lp:1388313
This commit is contained in:
Andrew Johnson
2014-11-05 10:06:02 -06:00
parent 9f163ef8d9
commit 53d9a07f64
3 changed files with 50 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
documentation/RELEASE_NOTES.html
View File

@@ -13,6 +13,11 @@
<!-- Insert new items immediately below here ... -->
<h3>Fix buffer overflow in epicsStrnRawFromEscaped()</h3>
<p>Launchpad <a href="https://bugs.launchpad.net/bugs/1388313">bug
1388313</a> reported by Bruce Hill and Chris Ford.</p>
<h3>Better Cygwin IOC Application Support</h3>
<p>IOC applications built for Cygwin with shared libraries need to have PATH

7
src/libCom/misc/epicsString.c
View File

@@ -43,6 +43,9 @@ int epicsStrnRawFromEscaped(char *to, size_t outsize, const char *from,
char c;
int nto = 0, nfrom = 0;
if (outsize == 0)
return 0;
while ((c = *pfrom++) && nto < outsize && nfrom < inlen) {
nfrom++;
if (c == '\\') {
@@ -100,7 +103,9 @@ int epicsStrnRawFromEscaped(char *to, size_t outsize, const char *from,
*pto++ = c; nto++;
}
}
*pto = '\0'; /* NOTE that nto does not have to be incremented */
if (nto == outsize)
pto--;
*pto = '\0';
return nto;
}

40
src/libCom/test/epicsStringTest.c
View File

@@ -48,9 +48,11 @@ MAIN(epicsStringTest)
const char * const a = "a";
const char * const abcd = "abcd";
const char * const abcde = "abcde";
char result[8];
char *s;
int status;
testPlan(281);
testPlan(299);
testChars();
@@ -85,5 +87,41 @@ MAIN(epicsStringTest)
testOk1(epicsStrHash(abcd, 0) == epicsMemHash(abcde, 4, 0));
testOk1(epicsStrHash(abcd, 0) != epicsMemHash("abcd\0", 5, 0));
memset(result, 'x', sizeof(result));
status = epicsStrnEscapedFromRaw(result, 4, ABCD, 3);
testOk(status == 3, "epicsStrnEscapedFromRaw returned %d (exp. 3)", status);
testOk(result[4] == 'x', "epicsStrnEscapedFromRaw no buffer overrun");
testOk(result[3] == 0, "epicsStrnEscapedFromRaw 0-terminated");
memset(result, 'x', sizeof(result));
status = epicsStrnEscapedFromRaw(result, 4, ABCD, 4);
testOk(status == 4, "epicsStrnEscapedFromRaw returned %d (exp. 4)", status);
testOk(result[4] == 'x', "epicsStrnEscapedFromRaw no buffer overrun");
testOk(result[3] == 0, "epicsStrnEscapedFromRaw 0-terminated");
memset(result, 'x', sizeof(result));
status = epicsStrnEscapedFromRaw(result, 4, ABCDE, 5);
testOk(status == 5, "epicsStrnEscapedFromRaw returned %d (exp. 5)", status);
testOk(result[4] == 'x', "epicsStrnEscapedFromRaw no buffer overrun");
testOk(result[3] == 0, "epicsStrnEscapedFromRaw 0-terminated");
memset(result, 'x', sizeof(result));
status = epicsStrnRawFromEscaped(result, 4, ABCD, 3);
testOk(status == 3, "epicsStrnRawFromEscaped returned %d (exp. 3)", status);
testOk(result[4] == 'x', "epicsStrnRawFromEscaped no buffer overrun");
testOk(result[3] == 0, "epicsStrnRawFromEscaped 0-terminated");
memset(result, 'x', sizeof(result));
status = epicsStrnRawFromEscaped(result, 4, ABCD, 4);
testOk(status == 4, "epicsStrnRawFromEscaped returned %d (exp. 4)", status);
testOk(result[4] == 'x', "epicsStrnRawFromEscaped no buffer overrun");
testOk(result[3] == 0, "epicsStrnRawFromEscaped 0-terminated");
memset(result, 'x', sizeof(result));
status = epicsStrnRawFromEscaped(result, 4, ABCDE, 5);
testOk(status == 4, "epicsStrnRawFromEscaped returned %d (exp. 4)", status);
testOk(result[4] == 'x', "epicsStrnRawFromEscaped no buffer overrun");
testOk(result[3] == 0, "epicsStrnRawFromEscaped 0-terminated");
return testDone();
}