It may not be clear to all users of this API if the provided maxlen argument
refers to the maximum string length or the maximum buffer size.
In order to improve safety and convenience of this API, make it refer to
the maximum string length.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (len < 0)
return -1;
- sbuf = blobmsg_alloc_string_buffer(buf, name, len + 1);
+ sbuf = blobmsg_alloc_string_buffer(buf, name, len);
if (!sbuf)
return -1;
struct blob_attr *attr;
void *data_dest;
+ maxlen++;
attr = blobmsg_new(buf, BLOBMSG_TYPE_STRING, name, maxlen, &data_dest);
if (!attr)
return NULL;
{
struct blob_attr *attr = blob_next(buf->head);
int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr) - BLOB_COOKIE;
- int required = maxlen - (buf->buflen - offset);
+ int required = maxlen + 1 - (buf->buflen - offset);
if (required <= 0)
goto out;
bool var = false;
char c = '%';
- dest = blobmsg_alloc_string_buffer(buf, name, 1);
+ dest = blobmsg_alloc_string_buffer(buf, name, 0);
if (!dest)
return -1;
cur_len = end - str;
}
- new_buf = blobmsg_realloc_string_buffer(buf, len + cur_len + 1);
+ new_buf = blobmsg_realloc_string_buffer(buf, len + cur_len);
if (!new_buf) {
/* Make eval_string return -1 */
var = true;