tree-wide: use memmem_safe()

poettering · poettering · commit e8b08edcdf4e · 2021-08-10T14:55:50.000+02:00
Let's be paranoid and do something useful if we operate with empty
haystack/needle. This doesn't actually fix anything, as the places as
far as I can see check for non-emptyness already beforehand, but I will
sleep safer at night, if we don't even allow the trap to be fallen in,
ever, even if the code is changed sooner or later.
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
@@ -163,7 +163,7 @@ static int get_file_version(int fd, char **v) {
         if (!s)
                 goto finish;
 
-        e = memmem(s, st.st_size - (s - buf), " ####", 5);
+        e = memmem_safe(s, st.st_size - (s - buf), " ####", 5);
         if (!e || e - s < 3) {
                 r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed version string.");
                 goto finish;
diff --git a/src/import/pull-common.c b/src/import/pull-common.c
@@ -10,6 +10,7 @@
 #include "escape.h"
 #include "fd-util.h"
 #include "io-util.h"
+#include "memory-util.h"
 #include "path-util.h"
 #include "process-util.h"
 #include "pull-common.h"
@@ -342,18 +343,18 @@ static int verify_one(PullJob *checksum_job, PullJob *job) {
 
         line = strjoina(job->checksum, " *", fn, "\n");
 
-        p = memmem(checksum_job->payload,
-                   checksum_job->payload_size,
-                   line,
-                   strlen(line));
+        p = memmem_safe(checksum_job->payload,
+                        checksum_job->payload_size,
+                        line,
+                        strlen(line));
 
         if (!p) {
                 line = strjoina(job->checksum, "  ", fn, "\n");
 
-                p = memmem(checksum_job->payload,
-                        checksum_job->payload_size,
-                        line,
-                        strlen(line));
+                p = memmem_safe(checksum_job->payload,
+                                checksum_job->payload_size,
+                                line,
+                                strlen(line));
         }
 
         if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n'))
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
@@ -173,12 +173,12 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
         if (!d)
                 return 0;
 
-        e = memmem(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
+        e = memmem_safe(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
         if (!e)
                 return 0;
 
         if (b->accept_fd) {
-                f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
+                f = memmem_safe(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
                 if (!f)
                         return 0;
 
@@ -399,7 +399,7 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
         for (;;) {
                 /* Check if line is complete */
                 line = (char*) b->rbuffer + b->auth_rbegin;
-                e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
+                e = memmem_safe(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
                 if (!e)
                         return processed;
 
