diff options
| author | Werner Koch <[email protected]> | 2015-02-11 09:27:57 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-02-11 09:28:25 +0000 |
| commit | 2183683bd633818dd031b090b5530951de76f392 (patch) | |
| tree | af283f4f329a140b76df6f7e83dce7ebb07aabb8 /common/iobuf.c | |
| parent | gpg: Prevent an invalid memory read using a garbled keyring. (diff) | |
| download | gnupg-2183683bd633818dd031b090b5530951de76f392.tar.gz gnupg-2183683bd633818dd031b090b5530951de76f392.zip | |
Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'common/iobuf.c')
| -rw-r--r-- | common/iobuf.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/common/iobuf.c b/common/iobuf.c index badbf78da..ca74bd71e 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -871,7 +871,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, } else if (c == 255) { - a->size = iobuf_get (chain) << 24; + a->size = (size_t)iobuf_get (chain) << 24; a->size |= iobuf_get (chain) << 16; a->size |= iobuf_get (chain) << 8; if ((c = iobuf_get (chain)) == -1) @@ -1228,9 +1228,12 @@ iobuf_t iobuf_temp_with_content (const char *buffer, size_t length) { iobuf_t a; + int i; a = iobuf_alloc (3, length); - memcpy (a->d.buf, buffer, length); + /* memcpy (a->d.buf, buffer, length); */ + for (i=0; i < length; i++) + a->d.buf[i] = buffer[i]; a->d.len = length; return a; |