mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
vauth/cleartext: fix integer overflow check
Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow. Detected by lgtm.com Closes #2408
This commit is contained in:
parent
f623ad65e8
commit
c1366571b6
@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -646,15 +646,6 @@ CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
#ifndef SIZE_T_MAX
|
||||
/* some limits.h headers have this defined, some don't */
|
||||
#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
|
||||
#define SIZE_T_MAX 18446744073709551615U
|
||||
#else
|
||||
#define SIZE_T_MAX 4294967295U
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
|
||||
* (uppercase UserName + Domain) as the data
|
||||
*/
|
||||
|
@ -447,6 +447,15 @@
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef SIZE_T_MAX
|
||||
/* some limits.h headers have this defined, some don't */
|
||||
#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
|
||||
#define SIZE_T_MAX 18446744073709551615U
|
||||
#else
|
||||
#define SIZE_T_MAX 4294967295U
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Arg 2 type for gethostname in case it hasn't been defined in config file.
|
||||
*/
|
||||
|
@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -73,16 +73,10 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
|
||||
ulen = strlen(userp);
|
||||
plen = strlen(passwdp);
|
||||
|
||||
/* Compute binary message length, checking for overflows. */
|
||||
plainlen = 2 * ulen;
|
||||
if(plainlen < ulen)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
plainlen += plen;
|
||||
if(plainlen < plen)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
plainlen += 2;
|
||||
if(plainlen < 2)
|
||||
/* Compute binary message length. Check for overflows. */
|
||||
if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
plainlen = 2 * ulen + plen + 2;
|
||||
|
||||
plainauth = malloc(plainlen);
|
||||
if(!plainauth)
|
||||
|
Loading…
Reference in New Issue
Block a user