[Rpm-maint] [rpm-software-management/rpm] pgpGet(): check that the returned length is in bounds (#1706)
Demi Marie Obenour
notifications at github.com
Fri Jun 18 09:05:04 UTC 2021
@DemiMarie commented on this pull request.
> + * hold `nbytes + *valp` bytes.
+ * @param s pointer to read from
+ * @param nbytes length of length field
+ * @param send pointer past end of buffer
+ * @param[out] *valp decoded length
+ * @return 0 if buffer can hold `nbytes + *valp` of data,
+ * otherwise -1.
+ */
+static int pgpGet(const uint8_t *s, size_t nbytes, const uint8_t *send,
+ size_t *valp)
+{
+ int rc = -1;
+
+ if (nbytes <= send - s &&
+ nbytes <= sizeof(size_t) &&
+ nbytes <= sizeof(unsigned int)) {
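Review bot: in the first condition, `nbytes <= send - s`, the right-hand side is a signed pointer difference that is converted to unsigned for the comparison with the `size_t` `nbytes`, so if a caller ever passes `send < s` the negative difference becomes a very large value and the check passes. Consider testing `s <= send` before the subtraction and casting the difference explicitly, or stating in the `@param send` line that `send >= s` is a precondition. The two `sizeof` bounds that follow reduce to whichever type is smaller, so a short comment saying why both are listed would help the reader. In the doc comment, `@param[out] *valp` should name the parameter itself, `valp`.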
What if I switched to `uint32_t` here? That would be a separate PR, of course.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1706#discussion_r654268341