diff options
author | Greg Hudson <ghudson@mit.edu> | 2022-10-18 16:17:55 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2022-11-03 01:01:36 -0400 |
commit | 5c52ab2252953055e64d9b9855ad64b27eda060e (patch) | |
tree | 869c4205d4381d161bdf535f6ec871fc74480c7b | |
parent | ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 (diff) | |
download | krb5-5c52ab2252953055e64d9b9855ad64b27eda060e.tar.gz |
Use memmove() in Unicode functions
Where the upstream OpenLDAP code uses AC_MEMCPY(), use memmove()
instead of memcpy() as the copies frequently involve overlapping
memory regions. Credit to OSS-Fuzz for discovering one instance of
the issue.
ticket: 9076 (new)
-rw-r--r-- | src/lib/krb5/unicode/ucdata/ucdata.c | 4 | ||||
-rw-r--r-- | src/lib/krb5/unicode/ucdata/ucgendat.c | 20 | ||||
-rw-r--r-- | src/lib/krb5/unicode/ure/ure.c | 8 |
3 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/krb5/unicode/ucdata/ucdata.c b/src/lib/krb5/unicode/ucdata/ucdata.c index e1b560d96..5b6ac7085 100644 --- a/src/lib/krb5/unicode/ucdata/ucdata.c +++ b/src/lib/krb5/unicode/ucdata/ucdata.c @@ -958,7 +958,7 @@ uccanoncompatdecomp(const krb5_ui_4 *in, int inlen, for (l = i; l > 0; l--) if (class >= uccombining_class((*out)[l-1])) break; - memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out)); + memmove(*out + l + 1, *out + l, (i - l) * sizeof(**out)); (*out)[l] = decomp[k]; } i++; @@ -988,7 +988,7 @@ uccanoncompatdecomp(const krb5_ui_4 *in, int inlen, for (l = i; l > 0; l--) if (class >= uccombining_class((*out)[l-1])) break; - memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out)); + memmove(*out + l + 1, *out + l, (i - l) * sizeof(**out)); (*out)[l] = in[j]; } i++; diff --git a/src/lib/krb5/unicode/ucdata/ucgendat.c b/src/lib/krb5/unicode/ucdata/ucgendat.c index 9114e8a70..70cec52d0 100644 --- a/src/lib/krb5/unicode/ucdata/ucgendat.c +++ b/src/lib/krb5/unicode/ucdata/ucgendat.c @@ -485,8 +485,8 @@ add_decomp(krb5_ui_4 code, short compat) * Shift the decomps up by one if the codes don't match. */ for (j = *pdecomps_used; j > i; j--) - (void) memcpy((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1], - sizeof(_decomp_t)); + (void) memmove((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1], + sizeof(_decomp_t)); } /* @@ -509,8 +509,8 @@ add_decomp(krb5_ui_4 code, short compat) (*pdecomps)[i].code = code; (*pdecomps)[i].used = dectmp_size; - (void) memcpy((char *) (*pdecomps)[i].decomp, (char *) dectmp, - sizeof(krb5_ui_4) * dectmp_size); + (void) memmove((char *) (*pdecomps)[i].decomp, (char *) dectmp, + sizeof(krb5_ui_4) * dectmp_size); /* * NOTICE: This needs changing later so it is more general than simply @@ -549,8 +549,8 @@ add_title(krb5_ui_4 code) * Shift the array up by one. */ for (j = title_used; j > i; j--) - (void) memcpy((char *) &title[j], (char *) &title[j - 1], - sizeof(_case_t)); + (void) memmove((char *) &title[j], (char *) &title[j - 1], + sizeof(_case_t)); } title[i].key = cases[2]; /* Title */ @@ -596,8 +596,8 @@ add_upper(krb5_ui_4 code) * Shift the array up by one. */ for (j = upper_used; j > i; j--) - (void) memcpy((char *) &upper[j], (char *) &upper[j - 1], - sizeof(_case_t)); + (void) memmove((char *) &upper[j], (char *) &upper[j - 1], + sizeof(_case_t)); } upper[i].key = cases[0]; /* Upper */ @@ -643,8 +643,8 @@ add_lower(krb5_ui_4 code) * Shift the array up by one. */ for (j = lower_used; j > i; j--) - (void) memcpy((char *) &lower[j], (char *) &lower[j - 1], - sizeof(_case_t)); + (void) memmove((char *) &lower[j], (char *) &lower[j - 1], + sizeof(_case_t)); } lower[i].key = cases[1]; /* Lower */ diff --git a/src/lib/krb5/unicode/ure/ure.c b/src/lib/krb5/unicode/ure/ure.c index e6d2b11ea..7b3048713 100644 --- a/src/lib/krb5/unicode/ure/ure.c +++ b/src/lib/krb5/unicode/ure/ure.c @@ -1124,8 +1124,8 @@ _ure_make_symbol(ucs2_t *sym, unsigned long limit, unsigned long *consumed, } symbol.id = b->symtab_used++; - (void) memcpy((char *) &b->symtab[symbol.id], (char *) &symbol, - sizeof(_ure_symtab_t)); + (void) memmove((char *) &b->symtab[symbol.id], (char *) &symbol, + sizeof(_ure_symtab_t)); return symbol.id; } @@ -1358,8 +1358,8 @@ _ure_add_state(ucs2_t nstates, ucs2_t *states, _ure_buffer_t *b) sp->st.slist_size = sp->st.slist_used + nstates; } sp->st.slist_used = nstates; - (void) memcpy((char *) sp->st.slist, (char *) states, - sizeof(ucs2_t) * nstates); + (void) memmove((char *) sp->st.slist, (char *) states, + sizeof(ucs2_t) * nstates); } /* |