From: Felix Fietkau
Date: Thu, 12 May 2022 11:22:56 +0000 (+0200)
Subject: blobmsg: implicitly reserve space for 0-terminator in string buf alloc
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=cfa372ff8aed8257465adb5445f43656ace2d615;p=project%2Flibubox.git
blobmsg: implicitly reserve space for 0-terminator in string buf alloc
It may not be clear to all users of this API if the provided maxlen argument refers to the maximum string length or the maximum buffer size. In order to improve safety and convenience of this API, make it refer to the maximum string length.
Signed-off-by: Felix Fietkau
---
diff --git a/blobmsg.c b/blobmsg.c
index 93172ab..d87d607 100644
--- a/blobmsg.c
+++ b/blobmsg.c
@@ -296,7 +296,7 @@ int blobmsg_vprintf(struct blob_buf *buf, const char *name, const char *format,
 if (len < 0)
 return -1;
- sbuf = blobmsg_alloc_string_buffer(buf, name, len + 1);
+ sbuf = blobmsg_alloc_string_buffer(buf, name, len);
 if (!sbuf)
 return -1;
@@ -328,6 +328,7 @@ blobmsg_alloc_string_buffer(struct blob_buf *buf, const char *name, unsigned int
 struct blob_attr *attr;
 void *data_dest;
+ maxlen++;
 attr = blobmsg_new(buf, BLOBMSG_TYPE_STRING, name, maxlen, &data_dest);
 if (!attr)
 return NULL;
@@ -343,7 +344,7 @@ blobmsg_realloc_string_buffer(struct blob_buf *buf, unsigned int maxlen)
 {
 struct blob_attr *attr = blob_next(buf->head);
 int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr) - BLOB_COOKIE;
- int required = maxlen - (buf->buflen - offset);
+ int required = maxlen + 1 - (buf->buflen - offset);
 if (required <= 0)
 goto out;
diff --git a/json_script.c b/json_script.c
index 14d045d..7177e9c 100644
--- a/json_script.c
+++ b/json_script.c
@@ -431,7 +431,7 @@ static int eval_string(struct json_call *call, struct blob_buf *buf, const char
 bool var = false;
 char c = '%';
- dest = blobmsg_alloc_string_buffer(buf, name, 1);
+ dest = blobmsg_alloc_string_buffer(buf, name, 0);
 if (!dest)
 return -1;
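Review bot: In blobmsg_alloc_string_buffer the new `maxlen++;` is an unchecked increment of an `unsigned int`, so a request of UINT_MAX wraps to 0 and `blobmsg_new` is asked for an empty payload while the caller still believes it owns a buffer of the requested length. The same unchecked `maxlen + 1` appears in the blobmsg_realloc_string_buffer hunk. A guard ahead of the increment, for example `if (maxlen + 1 == 0) return NULL;`, turns the wrap into a clean failure. Because the meaning of the parameter changes silently for every caller, the declaration should also carry a comment such as `/* maxlen: maximum string length, excluding the terminating 0 byte, which is reserved implicitly */`; the header is not part of the visible diff. The function body continues outside the hunk.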
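Review bot: `int required = maxlen + 1 - (buf->buflen - offset);` in blobmsg_realloc_string_buffer is evaluated in unsigned arithmetic because `maxlen` is `unsigned int`, and the result is then narrowed to `int`. A request above INT_MAX would therefore presumably appear as a negative `required` and take the `required <= 0` branch to `out`, which looks like the no-growth path, so the caller could be handed a buffer smaller than it asked for. Rejecting oversized requests first, e.g. `if (maxlen >= INT_MAX) return NULL;`, keeps the subtraction in range; this assumes `buf->buflen` is a signed int, which is declared outside the diff. The function body continues past the hunk, so what happens at `out` should be confirmed there.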
@@ -473,7 +473,7 @@ static int eval_string(struct json_call *call, struct blob_buf *buf, const char
 cur_len = end - str;
 }
- new_buf = blobmsg_realloc_string_buffer(buf, len + cur_len + 1);
+ new_buf = blobmsg_realloc_string_buffer(buf, len + cur_len);
 if (!new_buf) {
 /* Make eval_string return -1 */
 var = true;
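Review bot: The sum `len + cur_len` in eval_string is passed to blobmsg_realloc_string_buffer without a range check, and that parameter is `unsigned int`. If `len` and `cur_len` are signed (their declarations are outside the hunk), an overflowed or negative sum converts to a very large length, and a correctly sized buffer then depends entirely on the callee rejecting it. Checking `cur_len >= 0 && len <= INT_MAX - cur_len` before the call, and failing the same way as the `!new_buf` branch, would keep the later copy inside the allocation. The `if (!new_buf) {` block and the rest of the function continue outside the hunk.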