[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: security-related gcc bug

To: Howard Chu <hyc@symas.com>
Subject: Re: security-related gcc bug
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 8 Apr 2008 10:20:46 +0200
Cc: OpenLDAP Devel <openldap-devel@openldap.org>, Michael Ströder <michael@stroeder.com>
In-reply-to: <47FAD755.1050009@symas.com>
References: <47F9D652.2030408@stroeder.com> <hbf.20080407a3wg@bombur.uio.no> <47FAD755.1050009@symas.com>

Howard Chu writes:
> 	char buf[MYSIZE];
> 	ber_len_t len;		/* length of current buffer content */
> 	struct berval *in;	/* passed in, to be moved into buf */
>
> You just test:
> 	if ( in->bv_len > MYSIZE || in->bv_len + len > MYSIZE )
> 		return FAIL;

Except that in->bv_len + len can wrap around:-) In this case, use
if ( in->bv_len > MYSIZE - len ) since len will be <= MYSIZE.

-- 
Hallvard

Follow-Ups:
- Re: security-related gcc bug
  - From: Howard Chu <hyc@symas.com>
- Re: security-related gcc bug
  - From: Philip Guenther <guenther+ldapdev@sendmail.com>

References:
- security-related gcc bug
  - From: Michael Ströder <michael@stroeder.com>
- Re: security-related gcc bug
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: security-related gcc bug
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: security-related gcc bug
Next by Date: Re: security-related gcc bug
Index(es):
- Chronological
- Thread