# HG changeset patch
# User Luke Schierer <lschiere@pidgin.im>
# Date 1082609081 0
# Node ID c7e9687bfd79b5141e9b3a5363cd987db189ba15
# Parent  0861903359f993a5c780eab9ab8eb6dca67c7cbc
[gaim-migrate @ 9508]
" This patch fixes a possible integer overflow when
allocating memory in nm_read_fields." --Mike Stoddard

committer: Tailor Script <tailor@pidgin.im>

diff -r 0861903359f9 -r c7e9687bfd79 src/protocols/novell/nmconn.c
--- a/src/protocols/novell/nmconn.c	Thu Apr 22 04:43:22 2004 +0000
+++ b/src/protocols/novell/nmconn.c	Thu Apr 22 04:44:41 2004 +0000
@@ -486,7 +486,7 @@
 		return NMERR_BAD_PARM;
 
 	do {
-		if (count !=  -1) {
+		if (count > 0) {
 			count--;
 		}
 
@@ -537,17 +537,23 @@
 			if (rc != NM_OK)
 				break;
 
+			if (val >= NMFIELD_MAX_STR_LENGTH) {
+				rc = NMERR_PROTOCOL;
+				break;
+			}
+
 			if (val > 0) {
 				str = g_new0(char, val + 1);
 
 				rc = nm_read_all(conn, str, val);
 				if (rc != NM_OK)
 					break;
+
+				*fields = nm_add_field(*fields, tag, 0, method, 0,
+									   (guint32) str, type);
+				str = NULL;
 			}
 
-			*fields = nm_add_field(*fields, tag, 0, method, 0,
-								   (guint32) str, type);
-			str = NULL;
 		} else {
 
 			/* Read the numerical value */
diff -r 0861903359f9 -r c7e9687bfd79 src/protocols/novell/nmfield.h
--- a/src/protocols/novell/nmfield.h	Thu Apr 22 04:43:22 2004 +0000
+++ b/src/protocols/novell/nmfield.h	Thu Apr 22 04:44:41 2004 +0000
@@ -126,6 +126,8 @@
 #define	NM_FIELD_TRUE					"1"
 #define	NM_FIELD_FALSE					"0"
 
+#define NMFIELD_MAX_STR_LENGTH			32768
+
 /**
  * Count the number of fields
  *