diff options
author | kotkov <kotkov@13f79535-47bb-0310-9956-ffa450edef68> | 2022-10-20 11:09:50 +0000 |
---|---|---|
committer | kotkov <kotkov@13f79535-47bb-0310-9956-ffa450edef68> | 2022-10-20 11:09:50 +0000 |
commit | 815e0f8a8eaf836326a8f5f4189db568f67aeee0 (patch) | |
tree | ac77ca7e6856dbaf01dc42e3006b36a2b791ee67 | |
parent | ac5586cdb90138d182ff314b9b12e6fbcd03be89 (diff) | |
download | libapr-815e0f8a8eaf836326a8f5f4189db568f67aeee0.tar.gz |
On 1.8.x branch: Merge r1904734 from trunk:
Following up on r1904715, rework the check to properly handle an
overflow when apr_size_t is 32-bit long.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.8.x@1904735 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | network_io/win32/sendrecv.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/network_io/win32/sendrecv.c b/network_io/win32/sendrecv.c index f5f23d2c7..6620e1382 100644 --- a/network_io/win32/sendrecv.c +++ b/network_io/win32/sendrecv.c @@ -108,17 +108,12 @@ APR_DECLARE(apr_status_t) apr_socket_sendv(apr_socket_t *sock, total_len = 0; for (i = 0; i < in_vec; i++) { apr_size_t iov_len = vec[i].iov_len; - if (iov_len > MAXDWORD) { - /* WSASend() returns NumberOfBytesSent as DWORD, so any iovec - should be less than that. */ - return APR_EINVAL; - } - total_len += iov_len; - if (total_len > MAXDWORD) { + if (iov_len > (apr_size_t)MAXDWORD - total_len) { /* WSASend() returns NumberOfBytesSent as DWORD, so the total size should be less than that. */ return APR_EINVAL; } + total_len += iov_len; } pWsaBuf = (in_vec <= WSABUF_ON_STACK) ? _alloca(sizeof(WSABUF) * (in_vec)) |