fix object header parser for zero-length object headers
On Fri, Jan 28, 2022 at 08:17:25AM -0700, Todd C. Miller wrote: > Now that you guarantee that buf is NUL-terminated there is no need > for strnlen() so you can just do: > > (*obj)->hdrlen = strlen(buf) + 1 /* '\0' */; > > - todd > Oh, that is right. Alternatively, could we reuse the result of memchr() to avoid another scan of the string?
diff refs/heads/main refs/heads/object-header
blob - b4f415940ee578ecafa1e8ceca60032674013904
blob + 3b225ca9384c228bc4e2ed56af6e1fbb67ff45d7
--- lib/object_parse.c
+++ lib/object_parse.c
@@ -196,13 +196,14 @@ got_object_parse_header(struct got_object **obj, char
 GOT_OBJ_TYPE_TAG,
 };
 int type = 0;
- size_t size = 0, hdrlen = 0;
+ size_t size = 0;
 size_t i;
+ char *end;
 *obj = NULL;
- hdrlen = strnlen(buf, len) + 1 /* '\0' */;
- if (hdrlen > len)
+ end = memchr(buf, '\0', len);
+ if (end == NULL)
 return got_error(GOT_ERR_BAD_OBJ_HDR);
 for (i = 0; i < nitems(obj_labels); i++) {
@@ -210,12 +211,11 @@ got_object_parse_header(struct got_object **obj, char
 size_t label_len = strlen(label);
 const char *errstr;
- if (strncmp(buf, label, label_len) != 0)
+ if (len <= label_len || buf + label_len >= end ||
+ strncmp(buf, label, label_len) != 0)
 continue;
 type = obj_types[i];
- if (len <= label_len)
- return got_error(GOT_ERR_BAD_OBJ_HDR);
 size = strtonum(buf + label_len, 0, LONG_MAX, &errstr);
 if (errstr != NULL)
 return got_error(GOT_ERR_BAD_OBJ_HDR);
@@ -229,7 +229,7 @@ got_object_parse_header(struct got_object **obj, char
 if (*obj == NULL)
 return got_error_from_errno("calloc");
 (*obj)->type = type;
- (*obj)->hdrlen = hdrlen;
+ (*obj)->hdrlen = end - buf + 1;
 (*obj)->size = size;
 return NULL;
 }
@@ -249,6 +249,7 @@ got_object_read_header(struct got_object **obj, int fd
 buf = malloc(zbsize);
 if (buf == NULL)
 return got_error_from_errno("malloc");
+ buf[0] = '\0';
 err = got_inflate_init(&zb, buf, zbsize, NULL);
 if (err)
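Review bot: In the second hunk of got_object_parse_header, the `len <= label_len` test seems to be there only so that `buf + label_len` is never formed past the buffer before it is compared with `end`; comparing lengths says the same thing in one test and needs no pointer arithmetic: `if ((size_t)(end - buf) <= label_len || strncmp(buf, label, label_len) != 0) continue;`. Because `end` comes from memchr() over `len` bytes, `end - buf` is always below `len`, so the separate `len` check becomes redundant. A header that is too short for a label now takes `continue` instead of returning GOT_ERR_BAD_OBJ_HDR directly, so its rejection depends on whatever check follows the loop, which is outside this hunk.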
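Review bot: `(*obj)->hdrlen = end - buf + 1;` in the third hunk loses the `/* '\0' */` remark that the removed strnlen() line carried, so the reason for the `+ 1` is no longer stated where hdrlen is set. I would keep it on the new line: `(*obj)->hdrlen = end - buf + 1; /* include the terminating '\0' */`. The difference is non-negative only because `end` was returned by memchr() on `buf` in the first hunk, which is worth a word in the same comment for anyone who later moves the assignment.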
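Review bot: `buf[0] = '\0';` in got_object_read_header has no comment, and from the hunk alone it is not clear which read it protects: only the first byte of the malloc'd buffer is initialised, the rest stays indeterminate. If the intent is that an inflate result of zero bytes still leaves an empty, terminated header, say so above the line, e.g. `/* a zero-length inflate result must still be a terminated string */`. It would also be worth confirming that the length later passed to got_object_parse_header() is the number of bytes actually inflated rather than `zbsize`, since memchr() would otherwise scan uninitialised memory. The rest of the function lies outside the hunk, so that last part is a question rather than a finding.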
fix object header parser for zero-length object headers