changeset 8753:c7e9687bfd79

[gaim-migrate @ 9508] " This patch fixes a possible integer overflow when allocating memory in nm_read_fields." --Mike Stoddard committer: Tailor Script <tailor@pidgin.im>
author Luke Schierer <lschiere@pidgin.im>
date Thu, 22 Apr 2004 04:44:41 +0000
parents 0861903359f9
children 9b0092f2d1d9
files src/protocols/novell/nmconn.c src/protocols/novell/nmfield.h
diffstat 2 files changed, 12 insertions(+), 4 deletions(-) [+]
--- a/src/protocols/novell/nmconn.c	Thu Apr 22 04:43:22 2004 +0000
+++ b/src/protocols/novell/nmconn.c	Thu Apr 22 04:44:41 2004 +0000
@@ -486,7 +486,7 @@
 		return NMERR_BAD_PARM;
 
 	do {
-		if (count !=  -1) {
+		if (count > 0) {
 			count--;
 		}
 
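Review bot: The new test `count > 0` no longer singles out the -1 sentinel, so zero and every negative count now skip the decrement, and nothing at the check says what those values mean. The loop's terminating condition is outside the hunk, so it cannot be confirmed from here whether a count of 0 still ends the loop after the first field or whether a negative count means "read until the terminating field". A comment above the test would record the contract, for example `/* count > 0: fields remaining; count < 0: no limit (confirm) */`.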
@@ -537,17 +537,23 @@
 			if (rc != NM_OK)
 				break;
 
+			if (val >= NMFIELD_MAX_STR_LENGTH) {
+				rc = NMERR_PROTOCOL;
+				break;
+			}
+
 			if (val > 0) {
 				str = g_new0(char, val + 1);
 
 				rc = nm_read_all(conn, str, val);
 				if (rc != NM_OK)
 					break;
+
+				*fields = nm_add_field(*fields, tag, 0, method, 0,
+									   (guint32) str, type);
+				str = NULL;
 			}
 
-			*fields = nm_add_field(*fields, tag, 0, method, 0,
-								   (guint32) str, type);
-			str = NULL;
 		} else {
 
 			/* Read the numerical value */
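Review bot: The relocated call still passes the buffer as `(guint32) str`, which drops the upper half of the pointer wherever pointers are wider than 32 bits, so the stored field value would no longer point at the string just read. The prototype of nm_add_field is not in this hunk, but its value parameter would need to be pointer-width (for example `gpointer`), with the call written as `(gpointer) str`. Separately, the `break` after a failed `nm_read_all` leaves `str` allocated; cleanup after the loop presumably frees it, but that code is outside the hunk and should be confirmed. Moving the call inside `if (val > 0)` also means a zero-length string no longer adds a field at all, which deserves a one-line comment if it is intended.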
--- a/src/protocols/novell/nmfield.h	Thu Apr 22 04:43:22 2004 +0000
+++ b/src/protocols/novell/nmfield.h	Thu Apr 22 04:44:41 2004 +0000
@@ -126,6 +126,8 @@
 #define	NM_FIELD_TRUE					"1"
 #define	NM_FIELD_FALSE					"0"
 
+#define NMFIELD_MAX_STR_LENGTH			32768
+
 /**
  * Count the number of fields
  *
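Review bot: The new limit has no comment, and its name departs from the `NM_FIELD_` prefix used by the defines directly above it. Since nmconn.c rejects `val >= NMFIELD_MAX_STR_LENGTH`, the bound is exclusive and the longest accepted string is 32767 bytes, which a reader cannot tell from the header alone. A comment such as `/* Exclusive upper bound on the length of a string field read from the connection */` would make that explicit.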