From: Jim Rees Date: Fri, 21 Mar 2003 18:36:42 +0000 (+0000) Subject: STABLE12-xdrmem-getbytes-20030321 X-Git-Tag: openafs-stable-1_2_9~24 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=c6d666dcc1842bae5bc7796863e36c2c30eea373;p=packages%2Fo%2Fopenafs.git STABLE12-xdrmem-getbytes-20030321 See, for example: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt This source is unused but it seems like a good idea to patch it anyway. (cherry picked from commit 7f4d43ac2f6d7b44a5f07be6e59d45bf9c6736dc) --- diff --git a/src/rx/xdr_mem.c b/src/rx/xdr_mem.c index 0047b37cf..a11cfa70e 100644 --- a/src/rx/xdr_mem.c +++ b/src/rx/xdr_mem.c @@ -84,7 +84,7 @@ xdrmem_create(xdrs, addr, size, op) xdrs->x_op = op; xdrs->x_ops = &xdrmem_ops; xdrs->x_private = xdrs->x_base = addr; - xdrs->x_handy = size; + xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */ } static void @@ -98,12 +98,14 @@ xdrmem_getint32(xdrs, lp) register XDR *xdrs; afs_int32 *lp; { - - if ((xdrs->x_handy -= sizeof(afs_int32)) < 0) - return (FALSE); - *lp = ntohl(*((afs_int32 *)(xdrs->x_private))); - xdrs->x_private += sizeof(afs_int32); - return (TRUE); + if (xdrs->x_handy -= sizeof(afs_int32)) + return (FALSE); + else + xdrs->x_handy -= sizeof(afs_int32); + + *lp = ntohl(*((afs_int32 *)(xdrs->x_private))); + xdrs->x_private += sizeof(afs_int32); + return (TRUE); } static bool_t @@ -111,12 +113,14 @@ xdrmem_putint32(xdrs, lp) register XDR *xdrs; afs_int32 *lp; { - - if ((xdrs->x_handy -= sizeof(afs_int32)) < 0) - return (FALSE); - *(afs_int32 *)xdrs->x_private = htonl(*lp); - xdrs->x_private += sizeof(afs_int32); - return (TRUE); + if (xdrs->x_handy -= sizeof(afs_int32)) + eturn (FALSE); + else + xdrs->x_handy -= sizeof(afs_int32); + + *(afs_int32 *)xdrs->x_private = htonl(*lp); + xdrs->x_private += sizeof(afs_int32); + return (TRUE); } static bool_t @@ -125,12 +129,14 @@ xdrmem_getbytes(xdrs, addr, len) caddr_t addr; register u_int len; { - - if ((xdrs->x_handy -= len) < 0) - return (FALSE); - memcpy(addr, xdrs->x_private, len); - xdrs->x_private += len; - return (TRUE); + if (xdrs->x_handy < len) + return (FALSE); + else + xdrs->x_handy -= len; + + memcpy(addr, xdrs->x_private, len); + xdrs->x_private += len; + return (TRUE); } static bool_t @@ -139,12 +145,14 @@ xdrmem_putbytes(xdrs, addr, len) caddr_t addr; register u_int len; { - - if ((xdrs->x_handy -= len) < 0) - return (FALSE); - memcpy(xdrs->x_private, addr, len); - xdrs->x_private += len; - return (TRUE); + if (xdrs->x_handy < len) + return (FALSE); + else + xdrs->x_handy -= len; + + memcpy(xdrs->x_private, addr, len); + xdrs->x_private += len; + return (TRUE); } static u_int @@ -177,7 +185,7 @@ xdrmem_inline(xdrs, len) { afs_int32 *buf = 0; - if (xdrs->x_handy >= len) { + if (len >= 0 && xdrs->x_handy >= len) { xdrs->x_handy -= len; buf = (afs_int32 *) xdrs->x_private; xdrs->x_private += len;