copy_string: use an end pointer to quiet a coverity warning

Instead of modifying the len parameter and using it for bounds checking, compute the end of the source string and bound check on that instead. Also simplify the code slightly and enable debugging.
sudo-project · Jan 15, 2025 · e375330 · e375330
1 parent af4634a
commit e375330
Showing 1 changed file with 15 additions and 14 deletions.
diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2005, 2007-2016
+ * Copyright (c) 1996, 1998-2005, 2007-2023, 2025
  *	Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -47,24 +47,25 @@ static size_t arg_size = 0;
 static void
 copy_string(char *dst, const char *src, size_t len)
 {
-    int h;
-
-    while (len--) {
-	if (*src == '\\' && len) {
-	    if (src[1] == 'x' && len >= 3 && (h = sudo_hexchar(src + 2)) != -1) {
-		*dst++ = (char)h;
-		src += 4;
-		len -= 3;
+    const char *end = src + len;
+    debug_decl(copy_string, SUDOERS_DEBUG_PARSER);
+
+    while (src < end) {
+	int ch = *src++;
+	if (ch == '\\' && src < end) {
+	    if (*src == 'x' && src + 3 <= end && (ch = sudo_hexchar(src + 1)) != -1) {
+		/* Hex character, skip remaining part of src. */
+		src += 3;
 	    } else {
-		src++;
-		len--;
-		*dst++ = *src++;
+		/* Escaped regular character. */
+		ch = *src++;
 	    }
-	} else {
-	    *dst++ = *src++;
 	}
+	*dst++ = (char)ch;
     }
     *dst = '\0';
+
+    debug_return;
 }
 
 bool