GH614: Use memcpy()/strdup() when possible

Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2024-11-24 10:34:12 +08:00 · 2016-02-03 17:34:14 +03:00 · 2016-02-03 17:34:14 +03:00 · a89c9a0d85
commit a89c9a0d85
parent 0f45c26f5a
4 changed files with 9 additions and 11 deletions
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@ -236,23 +236,21 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
     * if the second file specification is missing.
     */
    if (!filespec2 || filespec1[0] == '/') {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        merged = OPENSSL_strdup(filespec1);
        if (merged == NULL) {
            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
            return (NULL);
        }
-        strcpy(merged, filespec1);
    }
    /*
     * If the first file specification is missing, the second one rules.
     */
    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        merged = OPENSSL_strdup(filespec2);
        if (merged == NULL) {
            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
            return (NULL);
        }
-        strcpy(merged, filespec2);
    } else
        /*
         * This part isn't as trivial as it looks.  It assumes that the
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@ -280,23 +280,21 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1,
     * if the second file specification is missing.
     */
    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        merged = OPENSSL_strdup(filespec1);
        if (merged == NULL) {
            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
            return (NULL);
        }
-        strcpy(merged, filespec1);
    }
    /*
     * If the first file specification is missing, the second one rules.
     */
    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        merged = OPENSSL_strdup(filespec2);
        if (merged == NULL) {
            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
            return (NULL);
        }
-        strcpy(merged, filespec2);
    } else {
        /*
         * This part isn't as trivial as it looks.  It assumes that the
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@ -120,12 +120,14 @@ int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
 char *CRYPTO_strdup(const char *str, const char* file, int line)
 {
    char *ret;
+    size_t size;

    if (str == NULL)
        return NULL;
-    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+    size = strlen(str) + 1;
+    ret = CRYPTO_malloc(size, file, line);
    if (ret != NULL)
-        strcpy(ret, str);
+        memcpy(ret, str, size);
    return ret;
 }

--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1982,7 +1982,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
            *p = '\0';
            return buf;
        }
-        strcpy(p, c->name);
+        memcpy(p, c->name, n + 1);
        p += n;
        *(p++) = ':';
        len -= n + 1;