lib/string_helpers: rework overflow-dependent code

When @size is 0, the desired behavior is to allow unlimited bytes to be parsed. Currently, this relies on some intentional arithmetic overflow where --size gives us SIZE_MAX when size is 0. Explicitly spell out the desired behavior without relying on intentional overflow/underflow. Signed-off-by: Justin Stitt <justinstitt@google.com> Link: https://lore.kernel.org/r/20240808-b4-string_helpers_caa133-v1-1-686a455167c4@google.comSigned-off-by: Kees Cook <kees@kernel.org>

lib/string_helpers: rework overflow-dependent code
When @size is 0, the desired behavior is to allow unlimited bytes to be parsed. Currently, this relies on some intentional arithmetic overflow where --size gives us SIZE_MAX when size is 0. Explicitly spell out the desired behavior without relying on intentional overflow/underflow. Signed-off-by: Justin Stitt <justinstitt@google.com> Link: https://lore.kernel.org/r/20240808-b4-string_helpers_caa133-v1-1-686a455167c4@google.comSigned-off-by: Kees Cook <kees@kernel.org>
bbf3c7ff · Justin Stitt · Kees Cook · 0336f898 · bbf3c7ff
Commit bbf3c7ff authored Aug 08, 2024 by Justin Stitt Committed by Kees Cook Aug 15, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

lib/string_helpers.c lib/string_helpers.c +3 -0

No files found.
--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -321,6 +321,9 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
 {
 	char *out = dst;

+	if (!size)
+		size = SIZE_MAX;
+
 	while (*src && --size) {
 		if (src[0] == '\\' && src[1] != '\0' && size > 1) {
 			src++;