lib/string_helpers: rework overflow-dependent code

When @size is 0, the desired behavior is to allow unlimited bytes to be parsed. Currently, this relies on some intentional arithmetic overflow where --size gives us SIZE_MAX when size is 0. Explicitly spell out the desired behavior without relying on intentional overflow/underflow. Signed-off-by: Justin Stitt <justinstitt@google.com> Link: https://lore.kernel.org/r/20240808-b4-string_helpers_caa133-v1-1-686a455167c4@google.com Signed-off-by: Kees Cook <kees@kernel.org>
author: Justin Stitt <justinstitt@google.com> 2024-08-08 14:43:56 -0700
committer: Kees Cook <kees@kernel.org> 2024-08-15 09:26:02 -0700
commit: bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e (patch)
tree: 0f9f1877cc36c3ecc72bad4ae289b4238c3c872f /lib
parent: 0336f898881ae13b92dfd8b72e69ed1246eac762 (diff)
download: lwn-bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e.tar.gz
lwn-bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/string_helpers.c b/lib/string_helpers.c
index 69ba49b853c7..4f887aa62fa0 100644
--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -321,6 +321,9 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
 {
 	char *out = dst;
 
+	if (!size)
+		size = SIZE_MAX;
+
 	while (*src && --size) {
 		if (src[0] == '\\' && src[1] != '\0' && size > 1) {
 			src++;
author	Justin Stitt <justinstitt@google.com>	2024-08-08 14:43:56 -0700
committer	Kees Cook <kees@kernel.org>	2024-08-15 09:26:02 -0700
commit	bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e (patch)
tree	0f9f1877cc36c3ecc72bad4ae289b4238c3c872f /lib
parent	0336f898881ae13b92dfd8b72e69ed1246eac762 (diff)
download	lwn-bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e.tar.gz lwn-bbf3c7ff9dfa45be51500d23a1276991a7cd8c6e.zip