pure_strcmp(): len(s2) can be > len(s1)

Reported by Antonio Morales from GitHub Security Labs, thanks!
jedisct1 · Feb 24, 2020 · 36c6d26 · 36c6d26
1 parent 9a8d379
commit 36c6d26
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/utils.c b/src/utils.c
@@ -45,5 +45,11 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)
 
 int pure_strcmp(const char * const s1, const char * const s2)
 {
-    return pure_memcmp(s1, s2, strlen(s1) + 1U);
+    const size_t s1_len = strlen(s1);
+    const size_t s2_len = strlen(s2);
+
+    if (s1_len != s2_len) {
+        return -1;
+    }
+    return pure_memcmp(s1, s2, s1_len);
 }