2 files changed, 34 insertions, 0 deletions

diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index 6b79c7830..3bfa89281 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -761,3 +761,32 @@ const char *ssscli_err2string(int err)
 
     return _("Unexpected error while looking for an error description");
 }
+
+/* Return strlen(str) or maxlen, whichever is shorter
+ * Returns EINVAL if str is NULL, EFBIG if str is longer than maxlen
+ * _len will return the result
+ *
+ * This function is useful for preventing buffer overflow attacks.
+ */
+errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len)
+{
+    if (!str) {
+        return EINVAL;
+    }
+
+#if defined __USE_GNU
+    *len = strnlen(str, maxlen);
+#else
+    *len = 0;
+    while (*len < maxlen) {
+        if (str[*len] == '\0') break;
+        len++;
+    }
+#endif
+
+    if (*len == maxlen && str[*len] != '\0') {
+        return EFBIG;
+    }
+
+    return 0;
+}
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 8712a6f90..e0a33df46 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -470,3 +470,8 @@ safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
  */
 #endif
 
+/* Return strlen(str) or maxlen, whichever is shorter
+ * Returns EINVAL if str is NULL, EFBIG if str is longer than maxlen
+ * _len will return the result
+ */
+errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len);