wildcard_cmp.c: Fix out-of-bounds cmp

When the distance between '*' on a wildcard expression was larger than the string to compare with, this would cause an out-of-bounds read because `n` was not being limited to the strlen(3) from the input string. Example: - s="c", p="*cc*", casecmp=false Here, the distance between the first and second '*' is 2 bytes, which is longer than the input string itself (1 byte, not counting the terminating null byte '\0').
author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-07-09 05:13:30 +0200
committer: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-07-20 23:52:56 +0200
commit: 090eccf092cfa83e558b6ac8dd7479ab14d018d2 (patch)
tree: ff9c3feebf6a00a8d46c02e381bdb82a3acb0adf
parent: e0f43ac4105997f479071e430971ca51b4492ed2 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/wildcard_cmp.c b/wildcard_cmp.c
index dd19d6c..fe0b3e1 100644
--- a/wildcard_cmp.c
+++ b/wildcard_cmp.c
@@ -30,7 +30,8 @@ int wildcard_cmp(const char *s, const char *p, const bool casecmp)
                 return r;
         }
 
-        const size_t n = wc - p;
+        const size_t auxn = wc - p, rem = strlen(s),
+            n = auxn > rem ? rem : auxn;
 
         if (n)
         {
author	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-07-09 05:13:30 +0200
committer	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-07-20 23:52:56 +0200
commit	090eccf092cfa83e558b6ac8dd7479ab14d018d2 (patch)
tree	ff9c3feebf6a00a8d46c02e381bdb82a3acb0adf
parent	e0f43ac4105997f479071e430971ca51b4492ed2 (diff)