Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upvauth/cleartext: fix integer overflow check #2408
Conversation
|
I use that overflow check pattern all the time, how is that undefined? size_t should always be unsigned unless gcc in early 90s maybe where they didn't follow the standard exactly. I think that checker is too sensitive. What about a username and password length check some small value like 1k instead of some chunk of size_t max |
|
Ah yes, I was a bit "blinded" by the warning so I didn't think properly. It actually shouldn't be undefined, no...
Yeah, I think that would make sense and would actually probably help to detect errors earlier and better... |
|
ok how about this diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index 5d61ce6..b9a9be0 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -74,7 +74,7 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
plen = strlen(passwdp);
/* Compute binary message length. Check for overflows. */
- if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
+ if(ulen > 1024 || plen > 1024)
return CURLE_OUT_OF_MEMORY;
plainlen = 2 * ulen + plen + 2;
|
bagder commentedMar 20, 2018
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com