niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disallow junk after optional terminator in string/binprop compare

Browse source 
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2020-04-07 10:27:39 +02:00 committed by eboasson
parent 9c09eca2e9
commit eb7e5e3a87
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/security/builtin_plugins/authentication/src/authentication.c
View file

@ -529,8 +529,10 @@ static bool str_octseq_equal (const char *str, const DDS_Security_OctetSeq *bins
for (i = 0; str[i] && i < binstr->_length; i++) for (i = 0; str[i] && i < binstr->_length; i++)
if ((unsigned char) str[i] != binstr->_buffer[i]) if ((unsigned char) str[i] != binstr->_buffer[i])
return false; return false;
/* allow zero-termination in binstr */ /* allow zero-termination in binstr, but disallow anything other than a single \0 */
return (str[i] == 0 && (i == binstr->_length || binstr->_buffer[i] == 0)); return (str[i] == 0 &&
(i == binstr->_length ||
(i+1 == binstr->_length && binstr->_buffer[i] == 0)));
} }
static AuthenticationAlgoKind_t get_dsign_algo_from_octseq(const DDS_Security_OctetSeq *name) static AuthenticationAlgoKind_t get_dsign_algo_from_octseq(const DDS_Security_OctetSeq *name)