core_rpc_server: fix overreads in slow_memmem
It would read data outside the allocated space in a couple cases.
This commit is contained in:
parent
2c739371ac
commit
add803be89
@ -398,17 +398,19 @@ namespace cryptonote
|
||||
return true;
|
||||
}
|
||||
//------------------------------------------------------------------------------------------------------------------------------
|
||||
uint64_t slow_memmem(void* start_buff, size_t buflen,void* pat,size_t patlen)
|
||||
// equivalent of strstr, but with arbitrary bytes (ie, NULs)
|
||||
// This does not differentiate between "not found" and "found at offset 0"
|
||||
uint64_t slow_memmem(const void* start_buff, size_t buflen,const void* pat,size_t patlen)
|
||||
{
|
||||
void* buf = start_buff;
|
||||
void* end=(char*)buf+buflen-patlen;
|
||||
while((buf=memchr(buf,((char*)pat)[0],buflen)))
|
||||
const void* buf = start_buff;
|
||||
const void* end=(const char*)buf+buflen;
|
||||
if (patlen > buflen || patlen == 0) return 0;
|
||||
while(buflen>0 && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))
|
||||
{
|
||||
if(buf>end)
|
||||
return 0;
|
||||
if(memcmp(buf,pat,patlen)==0)
|
||||
return (char*)buf - (char*)start_buff;
|
||||
buf=(char*)buf+1;
|
||||
return (const char*)buf - (const char*)start_buff;
|
||||
buf=(const char*)buf+1;
|
||||
buflen = (const char*)end - (const char*)buf;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user