| author | "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr> |
| Sat Jul 28 21:34:41 2007 +0000 (2007-07-28) | |
| changeset 301 | 2be7232a73ac |
| permissions | -rw-r--r-- |
| yann@1 | 1 |
--- glibc-2.1.3/sunrpc/rpc/types.h Fri Oct 16 13:43:49 1998 |
| yann@1 | 2 |
+++ glibc-2.1.3/sunrpc/rpc/types.h Thu Aug 1 09:06:38 2002 |
| yann@1 | 3 |
@@ -55,6 +55,10 @@ |
| yann@1 | 4 |
|
| yann@1 | 5 |
#include <stdlib.h> /* For malloc decl. */ |
| yann@1 | 6 |
#define mem_alloc(bsize) malloc(bsize) |
| yann@1 | 7 |
+/* |
| yann@1 | 8 |
+ * XXX: This must not use the second argument, or code in xdr_array.c needs |
| yann@1 | 9 |
+ * to be modified. |
| yann@1 | 10 |
+ */ |
| yann@1 | 11 |
#define mem_free(ptr, bsize) free(ptr) |
| yann@1 | 12 |
|
| yann@1 | 13 |
#ifndef makedev /* ie, we haven't already included it */ |
| yann@1 | 14 |
--- glibc-2.1.3/sunrpc/xdr_array.c Thu Jul 16 15:23:51 1998 |
| yann@1 | 15 |
+++ glibc-2.1.3/sunrpc/xdr_array.c Thu Aug 1 09:07:45 2002 |
| yann@1 | 16 |
@@ -44,6 +44,7 @@ |
| yann@1 | 17 |
#include <string.h> |
| yann@1 | 18 |
#include <rpc/types.h> |
| yann@1 | 19 |
#include <rpc/xdr.h> |
| yann@1 | 20 |
+#include <limits.h> |
| yann@1 | 21 |
|
| yann@1 | 22 |
#define LASTUNSIGNED ((u_int)0-1) |
| yann@1 | 23 |
|
| yann@1 | 24 |
@@ -76,7 +77,11 @@ |
| yann@1 | 25 |
return FALSE; |
| yann@1 | 26 |
} |
| yann@1 | 27 |
c = *sizep; |
| yann@1 | 28 |
- if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) |
| yann@1 | 29 |
+ /* |
| yann@1 | 30 |
+ * XXX: Let the overflow possibly happen with XDR_FREE because mem_free() |
| yann@1 | 31 |
+ * doesn't actually use its second argument anyway. |
| yann@1 | 32 |
+ */ |
| yann@1 | 33 |
+ if ((c > maxsize || c > UINT_MAX / elsize) && (xdrs->x_op != XDR_FREE)) |
| yann@1 | 34 |
{
|
| yann@1 | 35 |
return FALSE; |
| yann@1 | 36 |
} |