From fd9bf17b83993290e35c8d524c712af4003fa6ba Mon Sep 17 00:00:00 2001
From: dtucker <>
Date: Fri, 14 Oct 2016 18:19:04 +0000
Subject: Cast pointers to uintptr_t to avoid potential signedness errors.
 Based on patch from yuanjie.huang at windriver.com via OpenSSH bz#2608, with
 & ok millert, ok deraadt.

---
 src/lib/libc/string/strnlen.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/lib/libc/string/strnlen.c')

diff --git a/src/lib/libc/string/strnlen.c b/src/lib/libc/string/strnlen.c
index 26e9743f18..33c3b6e2ca 100644
--- a/src/lib/libc/string/strnlen.c
+++ b/src/lib/libc/string/strnlen.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: strnlen.c,v 1.6 2015/08/31 02:53:57 guenther Exp $	*/
+/*	$OpenBSD: strnlen.c,v 1.7 2016/10/14 18:19:04 dtucker Exp $	*/
 
 /*
  * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -19,6 +19,7 @@
 #include <sys/types.h>
 
 #include <string.h>
+#include <stdint.h>
 
 size_t
 strnlen(const char *str, size_t maxlen)
@@ -28,6 +29,10 @@ strnlen(const char *str, size_t maxlen)
 	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
 		;
 
-	return (size_t)(cp - str);
+	/*
+	 * Cast pointers to unsigned type before calculation, to avoid signed
+	 * overflow when the string ends where the MSB has changed.
+	 */
+	return (size_t)((uintptr_t)cp - (uintptr_t)str);
 }
 DEF_WEAK(strnlen);
-- 
cgit v1.2.3-55-g6feb