[Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)

Demi Marie Obenour notifications at github.com
Fri Jun 18 09:05:04 UTC 2021


@DemiMarie commented on this pull request.



> + * hold `nbytes + *valp` bytes.
+ * @param s		pointer to read from
+ * @param nbytes	length of length field
+ * @param send		pointer past end of buffer
+ * @param[out] *valp	decoded length
+ * @return		0 if buffer can hold `nbytes + *valp` of data,
+ * 			otherwise -1.
+ */
+static int pgpGet(const uint8_t *s, size_t nbytes, const uint8_t *send,
+		  size_t *valp)
+{
+    int rc = -1;
+
+    if (nbytes <= send - s &&
+	nbytes <= sizeof(size_t) &&
+	nbytes <= sizeof(unsigned int)) {

What if I switched to `uint32_t` here?  That would be a separate PR, of course.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1706#discussion_r654268341
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210618/eb45a88d/attachment-0001.html>


More information about the Rpm-maint mailing list