gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 25/178: vauth/cleartext: fix integer overflow check

From: gnunet
Subject: [GNUnet-SVN] [gnurl] 25/178: vauth/cleartext: fix integer overflow check
Date: Wed, 23 May 2018 12:24:20 +0200 
This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit c1366571b609407cf0d4d9f4a2769d29e1313151
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Mar 20 15:15:14 2018 +0100

    vauth/cleartext: fix integer overflow check
    
    Make the integer overflow check not rely on the undefined behavior that
    a size_t wraps around on overflow.
    
    Detected by lgtm.com
    Closes #2408
---
 lib/curl_ntlm_core.c  | 11 +----------
 lib/curl_setup.h      |  9 +++++++++
 lib/vauth/cleartext.c | 14 ++++----------
 3 files changed, 14 insertions(+), 20 deletions(-)

diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index e8962769c..72eda34ad 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -646,15 +646,6 @@ CURLcode Curl_hmac_md5(const unsigned char *key, unsigned 
int keylen,
   return CURLE_OK;
 }
 
-#ifndef SIZE_T_MAX
-/* some limits.h headers have this defined, some don't */
-#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
-#define SIZE_T_MAX 18446744073709551615U
-#else
-#define SIZE_T_MAX 4294967295U
-#endif
-#endif
-
 /* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
  * (uppercase UserName + Domain) as the data
  */
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index f128696e9..e4503c64c 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -447,6 +447,15 @@
 #  endif
 #endif
 
+#ifndef SIZE_T_MAX
+/* some limits.h headers have this defined, some don't */
+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
+#define SIZE_T_MAX 18446744073709551615U
+#else
+#define SIZE_T_MAX 4294967295U
+#endif
+#endif
+
 /*
  * Arg 2 type for gethostname in case it hasn't been defined in config file.
  */
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index a761ae784..5d61ce6dc 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -73,16 +73,10 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy 
*data,
   ulen = strlen(userp);
   plen = strlen(passwdp);
 
-  /* Compute binary message length, checking for overflows. */
-  plainlen = 2 * ulen;
-  if(plainlen < ulen)
-    return CURLE_OUT_OF_MEMORY;
-  plainlen += plen;
-  if(plainlen < plen)
-    return CURLE_OUT_OF_MEMORY;
-  plainlen += 2;
-  if(plainlen < 2)
+  /* Compute binary message length. Check for overflows. */
+  if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
     return CURLE_OUT_OF_MEMORY;
+  plainlen = 2 * ulen + plen + 2;
 
   plainauth = malloc(plainlen);
   if(!plainauth)

-- 
To stop receiving notification emails like this one, please contact
address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]