From e3753309fed46ae228b84b1281bce36ba7039bc7 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 14 Jan 2025 14:02:48 -0700
Subject: [PATCH] copy_string: use an end pointer to quiet a coverity warning

Instead of modifying the len parameter and using it for bounds
checking, compute the end of the source string and bound check on
that instead.  Also simplify the code slightly and enable debugging.
---
 plugins/sudoers/toke_util.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c
index 7db07f848e..d80b9a8cdc 100644
--- a/plugins/sudoers/toke_util.c
+++ b/plugins/sudoers/toke_util.c
@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2005, 2007-2016
+ * Copyright (c) 1996, 1998-2005, 2007-2023, 2025
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -47,24 +47,25 @@ static size_t arg_size = 0;
 static void
 copy_string(char *dst, const char *src, size_t len)
 {
-    int h;
-
-    while (len--) {
-	if (*src == '\\' && len) {
-	    if (src[1] == 'x' && len >= 3 && (h = sudo_hexchar(src + 2)) != -1) {
-		*dst++ = (char)h;
-		src += 4;
-		len -= 3;
+    const char *end = src + len;
+    debug_decl(copy_string, SUDOERS_DEBUG_PARSER);
+
+    while (src < end) {
+	int ch = *src++;
+	if (ch == '\\' && src < end) {
+	    if (*src == 'x' && src + 3 <= end && (ch = sudo_hexchar(src + 1)) != -1) {
+		/* Hex character, skip remaining part of src. */
+		src += 3;
 	    } else {
-		src++;
-		len--;
-		*dst++ = *src++;
+		/* Escaped regular character. */
+		ch = *src++;
 	    }
-	} else {
-	    *dst++ = *src++;
 	}
+	*dst++ = (char)ch;
     }
     *dst = '\0';
+
+    debug_return;
 }
 
 bool