diff options
author | Ulrich Drepper <drepper@redhat.com> | 2003-04-05 22:24:12 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2003-04-05 22:24:12 +0000 |
commit | a9f17952b8655c981638b3243d795961538d8998 (patch) | |
tree | 41955a44c21beb8c9aacf5aedbe5d316035b8407 /sunrpc/xdr.c | |
parent | abefbc51f4ea64c976501f518f28304c5c44f91b (diff) | |
download | glibc-a9f17952b8655c981638b3243d795961538d8998.zip glibc-a9f17952b8655c981638b3243d795961538d8998.tar.gz glibc-a9f17952b8655c981638b3243d795961538d8998.tar.bz2 |
Update.
* sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].
Diffstat (limited to 'sunrpc/xdr.c')
-rw-r--r-- | sunrpc/xdr.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c index dbe1d88..d99a998 100644 --- a/sunrpc/xdr.c +++ b/sunrpc/xdr.c @@ -704,6 +704,13 @@ xdr_string (xdrs, cpp, maxsize) return FALSE; } nodesize = size + 1; + if (nodesize == 0) + { + /* This means an overflow. It a bug in the caller which + provided a too large maxsize but nevertheless catch it + here. */ + return FALSE; + } /* * now deal with the actual bytes @@ -711,10 +718,6 @@ xdr_string (xdrs, cpp, maxsize) switch (xdrs->x_op) { case XDR_DECODE: - if (nodesize == 0) - { - return TRUE; - } if (sp == NULL) *cpp = sp = (char *) mem_alloc (nodesize); if (sp == NULL) |