mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 09:34:18 +00:00
eb088894dc
Implement safer version of 'strnlen' function to handle NULL terminated strings with additional bound checking and secure version of string copy function to support better security and avoid destination buffer overflow. Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9 Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com> Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
40 lines
907 B
C
40 lines
907 B
C
/*
|
|
* Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <errno.h>
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
#include <stdint.h>
|
|
|
|
int strcpy_secure(char *restrict dest, size_t dest_size, const char *restrict src)
|
|
{
|
|
/* Check for null pointers */
|
|
if ((dest == NULL) || (src == NULL)) {
|
|
return -EINVAL;
|
|
}
|
|
|
|
/* Check the destination size valid range */
|
|
if (dest_size == 0) {
|
|
return -ERANGE;
|
|
}
|
|
|
|
/* Calculate the length of the source string */
|
|
size_t src_len = strnlen_secure(src, dest_size);
|
|
|
|
/* Check if the source string fits in the destination buffer */
|
|
if (src_len >= dest_size) {
|
|
/* Set destination to an empty string */
|
|
dest[0] = '\0';
|
|
return -ERANGE;
|
|
}
|
|
|
|
/* Copy the source string to the destination */
|
|
for (dest[src_len] = '\0'; src_len > 0; src_len--) {
|
|
dest[src_len - 1] = src[src_len - 1];
|
|
}
|
|
|
|
return 0;
|
|
}
|