[libc] Prevent strndup() from reading beyond the end of the string

strndup() may be called on a string which is not NUL-terminated.  Use
strnlen() instead of strlen() to ensure that we do not read beyond the
end of such a string.

Add self-tests for strndup(), including a test case with an
unterminated string.

Originally-fixed-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/core/string.c

 
 char * strndup(const char *s, size_t n)
 {
-        size_t len = strlen(s);
+        size_t len = strnlen(s,n);
         char *new;
 
-        if (len>n)
-                len = n;
         new = malloc(len+1);
         if (new) {
                 new[len] = '\0';

src/tests/string_test.c

 		ok ( strcmp ( dup, orig ) == 0 );
 		free ( dup );
 	}
+
+	/* Test strndup() */
+	{
+		const char *normal = "testing testing";
+		const char unterminated[6] = { 'h', 'e', 'l', 'l', 'o', '!' };
+		char *dup;
+		dup = strndup ( normal, 32 );
+		ok ( dup != NULL );
+		ok ( dup != normal );
+		ok ( strcmp ( dup, normal ) == 0 );
+		free ( dup );
+		dup = strndup ( normal, 4 );
+		ok ( dup != NULL );
+		ok ( strcmp ( dup, "test" ) == 0 );
+		free ( dup );
+		dup = strndup ( unterminated, 5 );
+		ok ( dup != NULL );
+		ok ( strcmp ( dup, "hello" ) == 0 );
+		free ( dup );
+	}
 }
 
 /** String self-test */