diff options
| author | Christian Grothoff <christian@grothoff.org> | 2018-05-20 19:06:46 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-05-20 19:06:46 +0200 |
| commit | d9137653d89ed3497d8a23dc049216bd316e07ce (patch) | |
| tree | 124cbb2ffb6db0a2498a7bef1880bf70d3fd7417 /src/gnsrecord | |
| parent | bd4d98e353daae5820c7afd32f651c1e5e0876b8 (diff) | |
| download | gnunet-d9137653d89ed3497d8a23dc049216bd316e07ce.tar.gz gnunet-d9137653d89ed3497d8a23dc049216bd316e07ce.zip | |
guard more carefully against integer overflows
Diffstat (limited to 'src/gnsrecord')
| -rw-r--r-- | src/gnsrecord/gnsrecord_serialization.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c index 1db27464f..6164fa3db 100644 --- a/src/gnsrecord/gnsrecord_serialization.c +++ b/src/gnsrecord/gnsrecord_serialization.c | |||
| @@ -126,7 +126,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
| 126 | rec.data_size = htonl ((uint32_t) rd[i].data_size); | 126 | rec.data_size = htonl ((uint32_t) rd[i].data_size); |
| 127 | rec.record_type = htonl (rd[i].record_type); | 127 | rec.record_type = htonl (rd[i].record_type); |
| 128 | rec.flags = htonl (rd[i].flags); | 128 | rec.flags = htonl (rd[i].flags); |
| 129 | if (off + sizeof (rec) > dest_size) | 129 | if ( (off + sizeof (rec) > dest_size) || |
| 130 | (off + sizeof (rec) < off) ) | ||
| 130 | { | 131 | { |
| 131 | GNUNET_break (0); | 132 | GNUNET_break (0); |
| 132 | return -1; | 133 | return -1; |
| @@ -135,7 +136,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
| 135 | &rec, | 136 | &rec, |
| 136 | sizeof (rec)); | 137 | sizeof (rec)); |
| 137 | off += sizeof (rec); | 138 | off += sizeof (rec); |
| 138 | if (off + rd[i].data_size > dest_size) | 139 | if ( (off + rd[i].data_size > dest_size) || |
| 140 | (off + rd[i].data_size < off) ) | ||
| 139 | { | 141 | { |
| 140 | GNUNET_break (0); | 142 | GNUNET_break (0); |
| 141 | return -1; | 143 | return -1; |
| @@ -185,7 +187,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len, | |||
| 185 | off = 0; | 187 | off = 0; |
| 186 | for (unsigned int i=0;i<rd_count;i++) | 188 | for (unsigned int i=0;i<rd_count;i++) |
| 187 | { | 189 | { |
| 188 | if (off + sizeof (rec) > len) | 190 | if ( (off + sizeof (rec) > len) || |
| 191 | (off + sizeof (rec) < off) ) | ||
| 189 | { | 192 | { |
| 190 | GNUNET_break_op (0); | 193 | GNUNET_break_op (0); |
| 191 | return GNUNET_SYSERR; | 194 | return GNUNET_SYSERR; |
| @@ -198,7 +201,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len, | |||
| 198 | dest[i].record_type = ntohl (rec.record_type); | 201 | dest[i].record_type = ntohl (rec.record_type); |
| 199 | dest[i].flags = ntohl (rec.flags); | 202 | dest[i].flags = ntohl (rec.flags); |
| 200 | off += sizeof (rec); | 203 | off += sizeof (rec); |
| 201 | if (off + dest[i].data_size > len) | 204 | if ( (off + dest[i].data_size > len) || |
| 205 | (off + dest[i].data_size < off) ) | ||
| 202 | { | 206 | { |
| 203 | GNUNET_break_op (0); | 207 | GNUNET_break_op (0); |
| 204 | return GNUNET_SYSERR; | 208 | return GNUNET_SYSERR; |