Changeset b2e6406 in mod_gnutls for src/gnutls_io.c


Ignore:
Timestamp:
Jun 10, 2016, 3:14:51 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
11e6205
Parents:
15b22cb
Message:

Safe integer type conversion in mgs_filter_input()

Read sizes should be too small for 32 or 64 bit integer length to
matter, but we have to make sure.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_io.c

    r15b22cb rb2e6406  
    561561            return APR_ENOTIMPL;
    562562        }
    563         /* Err. This is bad. readbytes *can* be a 64bit int! len.. is NOT */
    564         if ((apr_size_t) readbytes < len) {
    565             len = (apr_size_t) readbytes;
     563        /* 'readbytes' and 'len' are of different integer types, which
     564         * might have different lengths. Read sizes should be too
     565         * small for 32 or 64 bit to matter, but we have to make
     566         * sure. */
     567        if ((apr_size_t) readbytes < len
     568            && __builtin_add_overflow(readbytes, 0, &len))
     569        {
     570            ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
     571                          "%s: prevented buffer length overflow",
     572                          __func__);
     573            return APR_EINVAL;
    566574        }
    567575        status =
Note: See TracChangeset for help on using the changeset viewer.