Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/lib/libc/rpc patch from openbsd to fix bounds checking, elim...
details: https://anonhg.NetBSD.org/src/rev/dd8fdfa5c16b
branches: trunk
changeset: 534602:dd8fdfa5c16b
user: darrenr <darrenr%NetBSD.org@localhost>
date: Tue Jul 30 14:57:31 2002 +0000
description:
patch from openbsd to fix bounds checking, eliminating an overflow condition.
diffstat:
lib/libc/rpc/xdr_array.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diffs (50 lines):
diff -r dabc3e8ba92f -r dd8fdfa5c16b lib/libc/rpc/xdr_array.c
--- a/lib/libc/rpc/xdr_array.c Tue Jul 30 14:37:38 2002 +0000
+++ b/lib/libc/rpc/xdr_array.c Tue Jul 30 14:57:31 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xdr_array.c,v 1.12 2000/01/22 22:19:18 mycroft Exp $ */
+/* $NetBSD: xdr_array.c,v 1.13 2002/07/30 14:57:31 darrenr Exp $ */
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
@@ -35,7 +35,7 @@
static char *sccsid = "@(#)xdr_array.c 1.10 87/08/11 Copyr 1984 Sun Micro";
static char *sccsid = "@(#)xdr_array.c 2.1 88/07/29 4.0 RPCSRC";
#else
-__RCSID("$NetBSD: xdr_array.c,v 1.12 2000/01/22 22:19:18 mycroft Exp $");
+__RCSID("$NetBSD: xdr_array.c,v 1.13 2002/07/30 14:57:31 darrenr Exp $");
#endif
#endif
@@ -54,6 +54,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include <rpc/types.h>
#include <rpc/xdr.h>
@@ -86,11 +87,12 @@
u_int nodesize;
/* like strings, arrays are really counted arrays */
- if (! xdr_u_int(xdrs, sizep)) {
+ if (!xdr_u_int(xdrs, sizep)) {
return (FALSE);
}
c = *sizep;
- if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
+ if ((c > maxsize && UINT_MAX/elsize < c) &&
+ (xdrs->x_op != XDR_FREE)) {
return (FALSE);
}
nodesize = c * elsize;
@@ -160,7 +162,7 @@
elptr = basep;
for (i = 0; i < nelem; i++) {
- if (! (*xdr_elem)(xdrs, elptr)) {
+ if (!(*xdr_elem)(xdrs, elptr)) {
return(FALSE);
}
elptr += elemsize;
Home |
Main Index |
Thread Index |
Old Index