core_rpc_server: fix overreads in slow_memmem

It would read data outside the allocated space in a couple cases.
This commit is contained in:
moneromooo-monero 2014-10-06 10:27:34 +01:00
parent 2c739371ac
commit add803be89
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3

View file

@ -398,17 +398,19 @@ namespace cryptonote
return true;
}
//------------------------------------------------------------------------------------------------------------------------------
uint64_t slow_memmem(void* start_buff, size_t buflen,void* pat,size_t patlen)
// equivalent of strstr, but with arbitrary bytes (ie, NULs)
// This does not differentiate between "not found" and "found at offset 0"
uint64_t slow_memmem(const void* start_buff, size_t buflen,const void* pat,size_t patlen)
{
void* buf = start_buff;
void* end=(char*)buf+buflen-patlen;
while((buf=memchr(buf,((char*)pat)[0],buflen)))
const void* buf = start_buff;
const void* end=(const char*)buf+buflen;
if (patlen > buflen || patlen == 0) return 0;
while(buflen>0 && (buf=memchr(buf,((const char*)pat)[0],buflen-patlen+1)))
{
if(buf>end)
return 0;
if(memcmp(buf,pat,patlen)==0)
return (char*)buf - (char*)start_buff;
buf=(char*)buf+1;
return (const char*)buf - (const char*)start_buff;
buf=(const char*)buf+1;
buflen = (const char*)end - (const char*)buf;
}
return 0;
}