nightmaremail

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

commit ad73be052759c9472bcd1b871bd402eacf80da78
parent 628b8661ef57c9d5badd1a808482f88a31c4da4d
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue, 12 May 2020 20:22:22 +0200

fix string length calculation overflow in quote() helper

Diffstat:
MMakefile | 2+-
Mquote.c | 11++++++++++-
2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile @@ -1659,7 +1659,7 @@ tryutmpx.c compile load qtmp.h1 qtmp.h2 rm -f tryutmpx.o tryutmpx quote.o: \ -compile quote.c stralloc.h gen_alloc.h str.h quote.h +compile quote.c stralloc.h gen_alloc.h str.h quote.h oflops.h error.h ./compile quote.c rcpthosts.o: \ diff --git a/quote.c b/quote.c @@ -1,3 +1,5 @@ +#include "error.h" +#include "oflops.h" #include "stralloc.h" #include "str.h" #include "quote.h" @@ -23,8 +25,15 @@ stralloc *sain; char ch; int i; int j; + unsigned int nlen; - if (!stralloc_ready(saout,sain->len * 2 + 2)) return 0; + /* make sure the size calculation below does not overflow */ + if (__builtin_mul_overflow(sain->len, 2, &nlen) || + __builtin_add_overflow(nlen, 2, &nlen)) { + errno = error_nomem; + return 0; + } + if (!stralloc_ready(saout,nlen)) return 0; j = 0; saout->s[j++] = '"'; for (i = 0;i < sain->len;++i)