diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2018-03-20 15:15:14 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2018-03-20 19:25:50 +0100 |
| commit | c1366571b609407cf0d4d9f4a2769d29e1313151 (patch) | |
| tree | 38d0ac65b3a1303b97b9065aca308d44c3f4dbfa /lib/vauth | |
| parent | f623ad65e81c76f34130be272a4efe1d1abe1e13 (diff) | |
| download | curl-c1366571b609407cf0d4d9f4a2769d29e1313151.tar.gz | |
vauth/cleartext: fix integer overflow check
Make the integer overflow check not rely on the undefined behavior that
a size_t wraps around on overflow.
Detected by lgtm.com
Closes #2408
Diffstat (limited to 'lib/vauth')
| -rw-r--r-- | lib/vauth/cleartext.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c index a761ae784..5d61ce6dc 100644 --- a/lib/vauth/cleartext.c +++ b/lib/vauth/cleartext.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,16 +73,10 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, ulen = strlen(userp); plen = strlen(passwdp); - /* Compute binary message length, checking for overflows. */ - plainlen = 2 * ulen; - if(plainlen < ulen) - return CURLE_OUT_OF_MEMORY; - plainlen += plen; - if(plainlen < plen) - return CURLE_OUT_OF_MEMORY; - plainlen += 2; - if(plainlen < 2) + /* Compute binary message length. Check for overflows. */ + if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2))) return CURLE_OUT_OF_MEMORY; + plainlen = 2 * ulen + plen + 2; plainauth = malloc(plainlen); if(!plainauth) |