Skip to content

Commit

Permalink
pure_strcmp(): len(s2) can be > len(s1)
Browse files Browse the repository at this point in the history 
Reported by Antonio Morales from GitHub Security Labs, thanks!
  • Loading branch information
@jedisct1
jedisct1 committed Feb 24, 2020
1 parent 9a8d379 commit bf6fcd4
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/utils.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,5 +45,9 @@ int pure_memcmp(const void * const b1_, const void * const b2_, size_t len)

int pure_strcmp(const char * const s1, const char * const s2)
{
return pure_memcmp(s1, s2, strlen(s1) + 1U);
const size_t s1_len = strlen(s1);
const size_t s2_len = strlen(s2);
const size_t len = (s1_len < s2_len) ? s1_len : s2_len;

return pure_memcmp(s1, s2, len + 1);
}

0 comments on commit bf6fcd4

Please sign in to comment.