icmap: Fix value len checking for strings

Implementation should allow pass only parts of string (shorten string)
and must prohibit reading of uninitialized memory.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>

diff --git a/exec/icmap.c b/exec/icmap.c
index 2a53415a0956a65279fea81cd8369d0430a603d5..7e19673771b115c9ed5a0062471b6bb0572a33bf 100644 (file)
--- a/exec/icmap.c
+++ b/exec/icmap.c
@@ -345,7 +345,11 @@ static int icmap_check_value_len(const void *value, size_t value_len, icmap_valu
        }
 
        if (type == ICMAP_VALUETYPE_STRING) {
-               if (value_len > strlen((const char *)value)) {
+               /*
+                * value_len can be shorter then real string length, but never
+                * longer (+ 1 is because of 0 at the end of string)
+                */
+               if (value_len > strlen((const char *)value) + 1) {
                        return (-1);
                } else {
                        return (0);