yann@1: --- glibc-2.1.3/sunrpc/rpc/types.h Fri Oct 16 13:43:49 1998
yann@1: +++ glibc-2.1.3/sunrpc/rpc/types.h Thu Aug 1 09:06:38 2002
yann@1: @@ -55,6 +55,10 @@
yann@1:
yann@1: #include /* For malloc decl. */
yann@1: #define mem_alloc(bsize) malloc(bsize)
yann@1: +/*
yann@1: + * XXX: This must not use the second argument, or code in xdr_array.c needs
yann@1: + * to be modified.
yann@1: + */
yann@1: #define mem_free(ptr, bsize) free(ptr)
yann@1:
yann@1: #ifndef makedev /* ie, we haven't already included it */
yann@1: --- glibc-2.1.3/sunrpc/xdr_array.c Thu Jul 16 15:23:51 1998
yann@1: +++ glibc-2.1.3/sunrpc/xdr_array.c Thu Aug 1 09:07:45 2002
yann@1: @@ -44,6 +44,7 @@
yann@1: #include
yann@1: #include
yann@1: #include
yann@1: +#include
yann@1:
yann@1: #define LASTUNSIGNED ((u_int)0-1)
yann@1:
yann@1: @@ -76,7 +77,11 @@
yann@1: return FALSE;
yann@1: }
yann@1: c = *sizep;
yann@1: - if ((c > maxsize) && (xdrs->x_op != XDR_FREE))
yann@1: + /*
yann@1: + * XXX: Let the overflow possibly happen with XDR_FREE because mem_free()
yann@1: + * doesn't actually use its second argument anyway.
yann@1: + */
yann@1: + if ((c > maxsize || c > UINT_MAX / elsize) && (xdrs->x_op != XDR_FREE))
yann@1: {
yann@1: return FALSE;
yann@1: }
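Review bot: The new bound `c > UINT_MAX / elsize` in the last xdr_array.c hunk divides by `elsize` without a zero check, and because it sits in the left operand of `&&` it is evaluated whenever `c <= maxsize`, on every operation including XDR_FREE. `elsize` is declared outside the hunk and is presumably the caller-supplied element size, so a zero value would turn the overflow guard itself into undefined behaviour; guarding it keeps the check safe: `if ((c > maxsize || (elsize != 0 && c > UINT_MAX / elsize)) && (xdrs->x_op != XDR_FREE))`. Separately, the XDR_FREE path still lets the element-count product wrap and is correct only while `mem_free()` ignores its size argument, an invariant held by the two XXX comments alone, so any allocator change that starts using `bsize` needs this check revisited. The enclosing function starts and ends outside the hunk.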