diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-12-07 17:01:04 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-11 12:25:02 -0500 |
| commit | 004ce53d0e760b6e68579e0ef910dc0b9b677988 (patch) | |
| tree | cf5abe72bacb82f438727156e9e3c467a3d864ba | |
| parent | 9c0dba9a2928b4b262283ed957a55fa10d5b269f (diff) | |
| download | sssd-1-4.tar.gz sssd-1-4.tar.xz sssd-1-4.zip | |
Add overflow check to SAFEALIGN_COPY_*_CHECK macrossssd-1-4
| -rw-r--r-- | src/util/util.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/util/util.h b/src/util/util.h index 7c355500e..50c5fe2f2 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -207,12 +207,14 @@ safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) SAFEALIGN_SET_VALUE(dest, value, uint16_t, pctr) #define SAFEALIGN_COPY_UINT32_CHECK(dest, src, len, pctr) do { \ - if ((*(pctr) + sizeof(uint32_t)) > (len)) return EINVAL; \ + if ((*(pctr) + sizeof(uint32_t)) > (len) || \ + SIZE_T_OVERFLOW(*(pctr), sizeof(uint32_t))) return EINVAL; \ safealign_memcpy(dest, src, sizeof(uint32_t), pctr); \ } while(0) #define SAFEALIGN_COPY_INT32_CHECK(dest, src, len, pctr) do { \ - if ((*(pctr) + sizeof(int32_t)) > (len)) return EINVAL; \ + if ((*(pctr) + sizeof(int32_t)) > (len) || \ + SIZE_T_OVERFLOW(*(pctr), sizeof(int32_t))) return EINVAL; \ safealign_memcpy(dest, src, sizeof(int32_t), pctr); \ } while(0) |