vauth/cleartext: fix integer overflow check #2408
Closed
Conversation
Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow. Detected by lgtm.com
I use that overflow check pattern all the time; how is that undefined? size_t should always be unsigned, unless gcc in the early 90s maybe, where they didn't follow the standard exactly. I think that checker is too sensitive. What about a username and password length check against some small value like 1k instead of some chunk of size_t max?
Ah yes, I was a bit "blinded" by the warning, so I didn't think properly. It actually shouldn't be undefined, no...
Yeah, I think that would make sense and would actually probably help to detect errors earlier and better...
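An added example to go with the exchange above (written for this page, not curl's code and not posted by either participant). It puts the three checks under discussion side by side on the message length that `Curl_auth_create_plain_message` computes, `2 * ulen + plen + 2`: the removed `SIZE_T_MAX/2` bounds, an exact fits-in-`size_t` check, and a fixed cap. The unsigned wraparound is indeed defined behaviour, but the example also shows something the warning did not say: the two `SIZE_T_MAX/2` bounds are independent, so lengths they accept can still make the sum wrap. The helper names and the `PLAIN_CRED_MAX` constant are this example's own assumptions; curl's `SIZE_T_MAX` is written as the standard `SIZE_MAX` here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical hard cap, mirroring the "some small value like 1k" that the
 * thread proposes instead of a bound derived from SIZE_MAX. */
#define PLAIN_CRED_MAX 1024

/* The message layout from the patched function is user\0user\0passwd, so
 * its length is 2*ulen + plen + 2. Computed in size_t it wraps silently on
 * overflow; that is defined (unsigned) behaviour, but it yields a length
 * smaller than the bytes that would later be written into the buffer. */
static size_t plain_len_wrapping(size_t ulen, size_t plen)
{
    return 2 * ulen + plen + 2;
}

/* The check that the patch removes, expressed as "are these lengths
 * accepted". Its two bounds are independent, so values it accepts can
 * still overflow the sum: ulen == SIZE_MAX/2 and plen == SIZE_MAX/2 - 2
 * both pass, yet 2*ulen + plen + 2 is roughly 1.5 * SIZE_MAX. */
static bool old_check_accepts(size_t ulen, size_t plen)
{
    return !((ulen > SIZE_MAX / 2) || (plen > (SIZE_MAX / 2 - 2)));
}

/* Exact check: accept iff 2*ulen + plen + 2 <= SIZE_MAX. Both tests are
 * phrased as subtractions from SIZE_MAX so the check itself cannot wrap. */
static bool exact_check_accepts(size_t ulen, size_t plen)
{
    if (ulen > (SIZE_MAX - 2) / 2)          /* 2*ulen + 2 must fit */
        return false;
    return plen <= SIZE_MAX - 2 - 2 * ulen; /* plen must fit in what is left */
}

/* The fixed-cap check the patch adopts ("ulen > 1024 || plen > 1024"):
 * not an overflow check at all but a policy limit, which makes overflow
 * impossible by construction on any platform where 2*1024 + 1024 + 2 fits. */
static bool cap_check_accepts(size_t ulen, size_t plen)
{
    return !(ulen > PLAIN_CRED_MAX || plen > PLAIN_CRED_MAX);
}

/* Compute the message length only when it is known to fit.
 * Returns 0 and stores the length on success, -1 on overflow. */
static int compute_plain_len(size_t ulen, size_t plen, size_t *out)
{
    if (!exact_check_accepts(ulen, plen))
        return -1;
    *out = 2 * ulen + plen + 2;
    return 0;
}

int main(void)
{
    /* Adversarial lengths, constructed here to pass the removed check. */
    size_t ulen = SIZE_MAX / 2, plen = SIZE_MAX / 2 - 2, len;

    printf("old check accepts:   %d\n", old_check_accepts(ulen, plen));
    printf("wrapped plainlen:    %zu (less than ulen=%zu)\n",
           plain_len_wrapping(ulen, plen), ulen);
    printf("exact check accepts: %d\n", exact_check_accepts(ulen, plen));
    printf("cap check accepts:   %d\n", cap_check_accepts(ulen, plen));
    printf("compute_plain_len:   %d\n", compute_plain_len(ulen, plen, &len));

    /* Realistic lengths: every check agrees. */
    if (compute_plain_len(5, 8, &len) == 0)
        printf("plainlen(5, 8) = %zu\n", len); /* 2*5 + 8 + 2 = 20 */
    return 0;
}
```

The exact check is what you would write if the code had to keep accepting arbitrary lengths; the cap is the simpler and safer choice for credentials, and it also bounds the allocation an attacker can force through an over-long username or password.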
ok, how about this:
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index 5d61ce6..b9a9be0 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if(ulen > 1024 || plen > 1024)
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;
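Review bot: the removed check on the `-` line never actually bounded `plainlen`: `ulen == SIZE_T_MAX/2` together with `plen == SIZE_T_MAX/2 - 2` passes both comparisons, yet `2 * ulen + plen + 2` is about 1.5 times `SIZE_T_MAX` and wraps, so the new fixed limit is a real fix and not only a warning silencer. Two suggestions for the `+` line: give the bare `1024` a name (a `#define` near the top of the file) so the limit is documented in one place, and reconsider returning `CURLE_OUT_OF_MEMORY` for an over-long credential, since this is now a length policy rather than an allocation failure and the error should say so to the caller.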