aboutsummaryrefslogtreecommitdiff
path: root/sunrpc/xdr.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2003-04-05 22:24:12 +0000
committerUlrich Drepper <drepper@redhat.com>2003-04-05 22:24:12 +0000
commita9f17952b8655c981638b3243d795961538d8998 (patch)
tree41955a44c21beb8c9aacf5aedbe5d316035b8407 /sunrpc/xdr.c
parentabefbc51f4ea64c976501f518f28304c5c44f91b (diff)
downloadglibc-a9f17952b8655c981638b3243d795961538d8998.zip
glibc-a9f17952b8655c981638b3243d795961538d8998.tar.gz
glibc-a9f17952b8655c981638b3243d795961538d8998.tar.bz2
Update.
* sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].
Diffstat (limited to 'sunrpc/xdr.c')
-rw-r--r--sunrpc/xdr.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c
index dbe1d88..d99a998 100644
--- a/sunrpc/xdr.c
+++ b/sunrpc/xdr.c
@@ -704,6 +704,13 @@ xdr_string (xdrs, cpp, maxsize)
return FALSE;
}
nodesize = size + 1;
+ if (nodesize == 0)
+ {
+ /* This means an overflow. It a bug in the caller which
+ provided a too large maxsize but nevertheless catch it
+ here. */
+ return FALSE;
+ }
/*
* now deal with the actual bytes
@@ -711,10 +718,6 @@ xdr_string (xdrs, cpp, maxsize)
switch (xdrs->x_op)
{
case XDR_DECODE:
- if (nodesize == 0)
- {
- return TRUE;
- }
if (sp == NULL)
*cpp = sp = (char *) mem_alloc (nodesize);
if (sp == NULL)