[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: security-related gcc bug

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: security-related gcc bug
From: Philip Guenther <guenther+ldapdev@sendmail.com>
Date: Tue, 8 Apr 2008 02:42:40 -0600
Cc: Howard Chu <hyc@symas.com>, OpenLDAP Devel <openldap-devel@openldap.org>
In-reply-to: <hbf.20080408wyi3@bombur.uio.no>
References: <47F9D652.2030408@stroeder.com> <hbf.20080407a3wg@bombur.uio.no> <47FAD755.1050009@symas.com> <hbf.20080408wyi3@bombur.uio.no>
User-agent: Alpine 1.00 (BSO 882 2007-12-20)

On Tue, 8 Apr 2008, Hallvard B Furuseth wrote:

Howard Chu writes:

You just test:
	if ( in->bv_len > MYSIZE || in->bv_len + len > MYSIZE )
		return FAIL;


Except that in->bv_len + len can wrap around:-) In this case, use
if ( in->bv_len > MYSIZE - len ) since len will be <= MYSIZE.

No, you don't know whether len is <= MYSIZE, but you _do_ know that in->bv_len is less than MYSIZE from the first clause in the test. So: if ( in->bv_len > MYSIZE || len > MYSIZE - in->bv_len ) return FAIL;


Philip Guenther

Follow-Ups:
- Re: security-related gcc bug
  - From: Howard Chu <hyc@symas.com>

References:
- security-related gcc bug
  - From: Michael Ströder <michael@stroeder.com>
- Re: security-related gcc bug
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: security-related gcc bug
  - From: Howard Chu <hyc@symas.com>
- Re: security-related gcc bug
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: security-related gcc bug
Next by Date: Re: security-related gcc bug
Index(es):
- Chronological
- Thread