diff options
| -rw-r--r-- | changes/ticket40854 | 3 | ||||
| -rw-r--r-- | src/lib/string/util_string.c | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/changes/ticket40854 b/changes/ticket40854 new file mode 100644 index 0000000000..1a5850cca0 --- /dev/null +++ b/changes/ticket40854 @@ -0,0 +1,3 @@ + o Minor feature (defense in depth): + - verify needle is smaller than haystack before calling memmem. + Closes ticket 40854. diff --git a/src/lib/string/util_string.c b/src/lib/string/util_string.c index b1c0a11439..60b5933e4d 100644 --- a/src/lib/string/util_string.c +++ b/src/lib/string/util_string.c @@ -31,6 +31,8 @@ tor_memmem(const void *_haystack, size_t hlen, { #if defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2) raw_assert(nlen); + if (nlen > hlen) + return NULL; return memmem(_haystack, hlen, _needle, nlen); #else /* This isn't as fast as the GLIBC implementation, but it doesn't need to |