Closed Bug 96571 Opened 24 years ago Closed 24 years ago

PL_strnchr may read beyond the end of buffer if the buffer is not null-terminated

Categories

(NSPR :: NSPR, defect, P2)

4.0.2
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: wtc, Assigned: wtc)

Attachments

(1 file, 1 obsolete file)

PL_strnchr may read one byte beyond the end of buffer if the buffer is not null-terminated. This bug was first reported in Browser bug 82200. In that bug report, Fred Roeber said: [PL_strnchr] should test (n && *s) and not the other way around. The long if (line 77) should probably be similarly amended. Note that PL_strnrchr should be fixed too.
Attached patch Proposed patch. (obsolete) — Splinter Review
*** Bug 96572 has been marked as a duplicate of this bug. ***
Looks like this is a problem for PL_strncasestr as well.
Blocks: 98231
Attached patch Revised patch. — Splinter Review
Attachment #46842 - Attachment is obsolete: true
I took the opportunity to check all the PL_strn* functions. The result is the revised patch (attachment id=49047). I checked in the revised patch on the tip of NSPR. You are welcome to review the patch even though it's already checked in. Darin, I know you are waiting for me to fix PL_strncasestr, but I urge you to not use any of the PL_str* functions. These functions only work on 7-bit ASCII strings. They may even be incorrect for the Western European languages. You don't want to use these functions in an application that needs to be internationalized. You have been warned.
Status: NEW → RESOLVED
Closed: 24 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 4.2
But they are valid for HTTP server headers which are defined to be 7 bit ASCII.
Blocks: 129902
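
The check order described in the report, as an added example that is not NSPR's code or the attached patch: the hypothetical functions `find_deref_first` and `find_count_first` differ only in whether the byte or the count is tested first. Reads go through a counting accessor (`peek`, also hypothetical), so the access past the end of the constructed buffer is recorded rather than performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Reads go through peek(), so an access past the buffer is counted
   instead of performed; the demonstration stays well-defined. */
struct probe { const char *buf; size_t len; size_t oob; };
struct result { long pos; size_t oob; };
typedef long (*finder)(struct probe *, char, size_t);

static char peek(struct probe *p, size_t i) {
    if (i >= p->len) { p->oob++; return 'X'; } /* stand-in for the byte after the buffer */
    return p->buf[i];
}

/* Order from the report: dereference first, then test the count. */
long find_deref_first(struct probe *p, char c, size_t n) {
    size_t i = 0;
    for (; peek(p, i) && n; i++, n--)
        if (peek(p, i) == c) return (long)i;
    if (c == '\0' && peek(p, i) == '\0' && n) return (long)i;
    return -1;
}

/* Suggested order: test the count first, so index n is never read. */
long find_count_first(struct probe *p, char c, size_t n) {
    size_t i = 0;
    for (; n && peek(p, i); i++, n--)
        if (peek(p, i) == c) return (long)i;
    if (c == '\0' && n && peek(p, i) == '\0') return (long)i;
    return -1;
}

/* Search a buffer of exactly len bytes; return match index and out-of-bounds reads. */
struct result run_search(finder find, const char *buf, size_t len, char c, size_t n) {
    struct probe p = { buf, len, 0 };
    struct result r = { find(&p, c, n), 0 };
    r.oob = p.oob;
    return r;
}

const char RAW[4] = { 'a', 'b', 'c', 'd' }; /* constructed input: 4 bytes, no terminator */

int main(void) {
    printf("deref first: %zu read(s) past the end\n", run_search(find_deref_first, RAW, 4, 'z', 4).oob);
    printf("count first: %zu read(s) past the end\n", run_search(find_count_first, RAW, 4, 'z', 4).oob);
    return 0;
}
```

The over-read only occurs when the search exhausts the count without a match, which is why it shows up with buffers that fill their allocation exactly and carry no terminator.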