- Timestamp:
- Mar 5, 2016, 11:02:21 AM (9 years ago)
- File:
-
- 1 edited
-
trunk/src/sh_static.c (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/sh_static.c
r501 r502 1052 1052 if (!data) 1053 1053 return -1; 1054 if ((offset < 0) || (offset > (PACKETSZ-1))) 1055 return -1; 1054 1056 while ((l=data[offset])) { 1055 if (offset < INT_MAX) offset++;1057 if (offset < (PACKETSZ-1)) offset++; 1056 1058 else return -1; 1057 1059 if (measure) … … 1062 1064 /* compressed item, redirect */ 1063 1065 offset = ((l & 0x3f) << 8) | data[offset]; 1064 if ( offset < 0)1066 if ((offset < 0) || (offset > (PACKETSZ-1))) 1065 1067 return -1; 1066 1068 measure = 0; … … 1076 1078 memcpy(dest + used, data + offset, l); 1077 1079 1078 if (offset <= ( INT_MAX- l))1080 if (offset <= ((PACKETSZ-1) - l)) 1079 1081 offset += l; 1080 1082 else … … 1088 1090 { if (total <= (INT_MAX -l)) total += l; else return -1; } 1089 1091 1090 if (used == INT_MAX)1092 if (used >= maxlen) 1091 1093 return -1; 1092 1094 if (data[offset] != 0) … … 1113 1115 1114 1116 i = __decode_dotted(message, offset, temp, sizeof(temp)); 1115 if (i < 0 )1116 return i;1117 1118 if (offset <= ( INT_MAX- i))1117 if (i < 0 || i > PACKETSZ) 1118 return -1; 1119 1120 if (offset <= ((PACKETSZ - 10) - i)) 1119 1121 message += offset + i; 1120 1122 else … … 1349 1351 } 1350 1352 1353 /* ok because we have checked that recv at least HFIXEDSZ */ 1351 1354 __decode_header(packet, &h); 1352 1355 … … 1382 1385 goto again; 1383 1386 pos += i; 1387 if (pos >= PACKETSZ) 1388 goto again; 1384 1389 } 1385 1390 DPRINTF("Decoding answer at pos %d\n", pos); … … 1400 1405 free(a->dotted); 1401 1406 pos += i; 1407 if (pos >= PACKETSZ) 1408 goto again; 1402 1409 } 1403 1410
Note:
See TracChangeset
for help on using the changeset viewer.
