diff options
Diffstat (limited to 'src/gnsrecord/gnsrecord_serialization.c')
-rw-r--r-- | src/gnsrecord/gnsrecord_serialization.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/gnsrecord/gnsrecord_serialization.c b/src/gnsrecord/gnsrecord_serialization.c index 1db27464f..6164fa3db 100644 --- a/src/gnsrecord/gnsrecord_serialization.c +++ b/src/gnsrecord/gnsrecord_serialization.c | |||
@@ -126,7 +126,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
126 | rec.data_size = htonl ((uint32_t) rd[i].data_size); | 126 | rec.data_size = htonl ((uint32_t) rd[i].data_size); |
127 | rec.record_type = htonl (rd[i].record_type); | 127 | rec.record_type = htonl (rd[i].record_type); |
128 | rec.flags = htonl (rd[i].flags); | 128 | rec.flags = htonl (rd[i].flags); |
129 | if (off + sizeof (rec) > dest_size) | 129 | if ( (off + sizeof (rec) > dest_size) || |
130 | (off + sizeof (rec) < off) ) | ||
130 | { | 131 | { |
131 | GNUNET_break (0); | 132 | GNUNET_break (0); |
132 | return -1; | 133 | return -1; |
@@ -135,7 +136,8 @@ GNUNET_GNSRECORD_records_serialize (unsigned int rd_count, | |||
135 | &rec, | 136 | &rec, |
136 | sizeof (rec)); | 137 | sizeof (rec)); |
137 | off += sizeof (rec); | 138 | off += sizeof (rec); |
138 | if (off + rd[i].data_size > dest_size) | 139 | if ( (off + rd[i].data_size > dest_size) || |
140 | (off + rd[i].data_size < off) ) | ||
139 | { | 141 | { |
140 | GNUNET_break (0); | 142 | GNUNET_break (0); |
141 | return -1; | 143 | return -1; |
@@ -185,7 +187,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len, | |||
185 | off = 0; | 187 | off = 0; |
186 | for (unsigned int i=0;i<rd_count;i++) | 188 | for (unsigned int i=0;i<rd_count;i++) |
187 | { | 189 | { |
188 | if (off + sizeof (rec) > len) | 190 | if ( (off + sizeof (rec) > len) || |
191 | (off + sizeof (rec) < off) ) | ||
189 | { | 192 | { |
190 | GNUNET_break_op (0); | 193 | GNUNET_break_op (0); |
191 | return GNUNET_SYSERR; | 194 | return GNUNET_SYSERR; |
@@ -198,7 +201,8 @@ GNUNET_GNSRECORD_records_deserialize (size_t len, | |||
198 | dest[i].record_type = ntohl (rec.record_type); | 201 | dest[i].record_type = ntohl (rec.record_type); |
199 | dest[i].flags = ntohl (rec.flags); | 202 | dest[i].flags = ntohl (rec.flags); |
200 | off += sizeof (rec); | 203 | off += sizeof (rec); |
201 | if (off + dest[i].data_size > len) | 204 | if ( (off + dest[i].data_size > len) || |
205 | (off + dest[i].data_size < off) ) | ||
202 | { | 206 | { |
203 | GNUNET_break_op (0); | 207 | GNUNET_break_op (0); |
204 | return GNUNET_SYSERR; | 208 | return GNUNET_SYSERR; |