os400sys: fix theoretical length overflows #21840

Closed
vszakats wants to merge 3 commits into curl:master from vszakats:os400over

@vszakats vszakats (Member) commented Jun 2, 2026

When converting a size_t to unsigned int.

Another instance spotted by Copilot.

Reported-by: Gao Liyou
Ref: #21825

When converting a `size_t` to `unsigned int`.

Reported-by: Gao Liyou
Ref: curl#21825

Copilot AI left a comment

Pull request overview

This PR addresses a theoretical integer truncation/overflow risk in the OS/400 GSSAPI ASCII wrapper when converting a `size_t` buffer length into an `unsigned int` for allocation and conversion.

Changes:

  • Add a bounds check before casting `inp->length` (`size_t`) to `unsigned int` in `Curl_gss_init_sec_context_a`.
  • Fail early when the input token length is too large to be safely represented/used with `unsigned int`-based allocation and indexing.
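
The narrowing problem discussed in this thread, as an added example that is not curl's code and not taken from the patch: it shows what an unchecked `size_t` to `unsigned int` cast does to an oversized length, next to a checked conversion that fails early. All function names and the sample length are hypothetical, and the truncation is only observable where `size_t` is wider than `unsigned int`.

```c
/* Added example; all names are hypothetical, not from curl's os400sys.c. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked narrowing: where size_t is wider than unsigned int, the high
   bits are silently dropped. */
static unsigned int narrow_unchecked(size_t len)
{
  return (unsigned int)len;
}

/* Checked narrowing: 0 and *out set on success, -1 if len does not fit. */
static int narrow_checked(size_t len, unsigned int *out)
{
  if(len > UINT_MAX)
    return -1;
  *out = (unsigned int)len;
  return 0;
}

/* Constructed stand-in for an allocate-and-copy step whose internals use
   unsigned int lengths. Fails early instead of allocating a short buffer. */
static char *dup_token(const char *src, size_t len, unsigned int *outlen)
{
  unsigned int n;
  char *buf;

  if(narrow_checked(len, &n))
    return NULL;          /* too large: reject before any allocation */
  buf = malloc(n ? n : 1);
  if(!buf)
    return NULL;
  memcpy(buf, src, n);
  *outlen = n;
  return buf;
}

int main(void)
{
  size_t big = (size_t)UINT_MAX + 17; /* constructed oversized length */
  unsigned int n = 0;

  printf("unchecked: %zu -> %u\n", big, narrow_unchecked(big));
  printf("checked:   %s\n", narrow_checked(big, &n) ? "rejected" : "accepted");
  printf("dup_token: %s\n", dup_token("x", big, &n) ? "copied" : "rejected");
  return 0;
}
```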

Comment thread projects/OS400/os400sys.c

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread projects/OS400/os400sys.c
Comment thread projects/OS400/os400sys.c Outdated
Comment thread projects/OS400/os400sys.c Outdated
@vszakats vszakats changed the title from "os400sys: fix theoretical length overflow" to "os400sys: fix theoretical length overflows" Jun 2, 2026
@vszakats vszakats requested a review from Copilot June 2, 2026 07:59

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

@vszakats vszakats closed this in 4c49ed1 Jun 2, 2026
@vszakats vszakats deleted the os400over branch June 2, 2026 08:06
outcast36 pushed a commit to greearb/curl that referenced this pull request Jun 3, 2026
When converting a `size_t` to `unsigned int`.

Another instance spotted by Copilot.

Reported-by: Gao Liyou
Ref: curl#21825
Closes curl#21840