summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkotkov <kotkov@13f79535-47bb-0310-9956-ffa450edef68>2022-10-20 11:12:10 +0000
committerkotkov <kotkov@13f79535-47bb-0310-9956-ffa450edef68>2022-10-20 11:12:10 +0000
commit979ba6d5861ee287b5a5690538ad0632c23ea92e (patch)
tree876ffcb15fdc22092126b7e49d502dba4d4b0eaf
parentc71a6a8bafc2bb9e41546a7e5415705636f51d94 (diff)
downloadlibapr-979ba6d5861ee287b5a5690538ad0632c23ea92e.tar.gz
On 1.7.x branch: Merge r1904735 from 1.8.x branch:
Following up on r1904715, rework the check to properly handle an overflow when apr_size_t is 32-bit long. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1904736 13f79535-47bb-0310-9956-ffa450edef68
Diffstat
-rw-r--r--network_io/win32/sendrecv.c9
1 files changed, 2 insertions, 7 deletions
diff --git a/network_io/win32/sendrecv.c b/network_io/win32/sendrecv.c
index f5f23d2c7..6620e1382 100644
--- a/network_io/win32/sendrecv.c
+++ b/network_io/win32/sendrecv.c
@@ -108,17 +108,12 @@ APR_DECLARE(apr_status_t) apr_socket_sendv(apr_socket_t *sock,
total_len = 0;
for (i = 0; i < in_vec; i++) {
apr_size_t iov_len = vec[i].iov_len;
- if (iov_len > MAXDWORD) {
- /* WSASend() returns NumberOfBytesSent as DWORD, so any iovec
- should be less than that. */
- return APR_EINVAL;
- }
- total_len += iov_len;
- if (total_len > MAXDWORD) {
+ if (iov_len > (apr_size_t)MAXDWORD - total_len) {
/* WSASend() returns NumberOfBytesSent as DWORD, so the total size
should be less than that. */
return APR_EINVAL;
}
+ total_len += iov_len;
}
pWsaBuf = (in_vec <= WSABUF_ON_STACK) ? _alloca(sizeof(WSABUF) * (in_vec))
View Lorry Controller Status