From: Greg Hudson
Date: Thu, 5 Feb 2009 19:59:09 +0000 (+0000)
Subject: In krb5_rc_io_store, check the return value of krb5int_buf_len as well
X-Git-Tag: krb5-1.8-alpha1~706
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5f5d84a4c967a75b4ceece2392f7d2c327f02a8c;p=krb5.git

In krb5_rc_io_store, check the return value of krb5int_buf_len as well as krb5int_buf_data. The length can't be negative if the data is non-NULL, but Coverity doesn't know that.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21898 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index 91eaaea94..c831ba02d 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -656,10 +656,11 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t,
 krb5_donot_replay *rep)
 {
 size_t clientlen, serverlen;
+ ssize_t buflen;
 unsigned int len;
 krb5_error_code ret;
 struct k5buf buf, extbuf;
- char *ptr, *extstr;
+ char *bufptr, *extstr;

 clientlen = strlen(rep->client);
 serverlen = strlen(rep->server);
@@ -706,11 +707,12 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t,
 krb5int_buf_add_len(&buf, (char *) &rep->cusec, sizeof(rep->cusec));
 krb5int_buf_add_len(&buf, (char *) &rep->ctime, sizeof(rep->ctime));

- ptr = krb5int_buf_data(&buf);
- if (ptr == NULL)
+ bufptr = krb5int_buf_data(&buf);
+ buflen = krb5int_buf_len(&buf);
+ if (bufptr == NULL || buflen < 0)
 return KRB5_RC_MALLOC;

- ret = krb5_rc_io_write(context, &t->d, ptr, krb5int_buf_len(&buf));
+ ret = krb5_rc_io_write(context, &t->d, bufptr, buflen);
 krb5int_free_buf(&buf);
 return ret;
 }
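Review bot: The `buflen < 0` half of the new test in the second hunk carries no comment, so the reason for it exists only in the commit message and a later reader of rc_dfl.c will take it for a reachable failure path. I would put `/* buflen cannot be negative when bufptr is non-NULL; tested to satisfy static analysis. */` directly above the `if`. The early `return KRB5_RC_MALLOC;` also skips `krb5int_free_buf(&buf)`, which is only leak-free if a k5buf in its error state has already released its storage; that is not visible here and is worth confirming, since a failed replay-cache write is a path callers must treat as a hard error. The part of krb5_rc_io_store between the two hunks is not shown.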