author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-02 23:12:45 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-02 23:12:45 +0200 |
commit | 80b41e27b7361633bee17c64bbb95490dc94ab9f (patch) | |
tree | fb270c8adc591609b226355c2674eda4c0cb0167 /TODO | |
parent | f1aa65b94686c555151a6d18c06ae533f58c380e (diff) | |
download | eurephia-80b41e27b7361633bee17c64bbb95490dc94ab9f.tar.gz eurephia-80b41e27b7361633bee17c64bbb95490dc94ab9f.tar.xz eurephia-80b41e27b7361633bee17c64bbb95490dc94ab9f.zip |
Fixed possible integer overflow issue
The eDBopen_session_seed() function was prone to an integer overflow issue, if
the input data (some of which comes from clients) exceeds the size_t max value which
calloc() uses (via malloc_nullsafe()). The totlen variable was in addition defined
as int and the totlen value was multiplied by 2.
The fix was to use the maximum values used when calling get_env(). These maximum
values can then be added together to retrieve the maximum length of the seeddata string.
This should also make the execution go slightly quicker as strlen_nullsafe() is no
longer called for each of the input variables. In addition, there are no reasons to
multiply the totlen value by two as it did.
Credit goes to Larry Highsmith for noticing this potential problem.
Diffstat (limited to 'TODO')
0 files changed, 0 insertions, 0 deletions
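The sizing change described in the commit message, as an added example that is not eurephia's own code: `old_sizing_fits()` models the int-based length arithmetic, and `build_seed()` allocates from a fixed sum of per-field caps instead. The caps, field count and function names are hypothetical; the caps stand in for the maximum lengths passed to get_env().

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-field caps, standing in for the limits given to get_env(). */
enum { N_FIELDS = 4 };
static const size_t field_max[N_FIELDS] = { 60, 64, 34, 34 };

/* Models the old sizing on lengths alone: sum caller-controlled lengths, double
 * the total, keep it in an int. Returns 1 if that value still fits, else 0. */
int old_sizing_fits(const size_t *len, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (len[i] > (size_t)INT_MAX - total)
            return 0;                      /* the sum alone exceeds INT_MAX */
        total += len[i];
    }
    return total <= (size_t)INT_MAX / 2;   /* the "* 2" step */
}

/* Fixed sizing: a constant upper bound that no input can change. */
size_t seed_capacity(void)
{
    size_t cap = 0;
    for (size_t i = 0; i < N_FIELDS; i++)
        cap += field_max[i];
    return cap;
}

/* Length of s, examining at most max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *end = memchr(s, '\0', max);
    return end ? (size_t)(end - s) : max;
}

/* Concatenate the fields, each cut to its cap; NULL is empty. Caller frees. */
char *build_seed(const char *field[N_FIELDS])
{
    char *seed = calloc(seed_capacity() + 1, 1);
    size_t off = 0;
    for (size_t i = 0; seed != NULL && i < N_FIELDS; i++) {
        const char *s = field[i] ? field[i] : "";
        size_t n = bounded_len(s, field_max[i]);
        memcpy(seed + off, s, n);
        off += n;
    }
    return seed;   /* calloc zero-filled the buffer, so it is terminated */
}
```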