From e17f6194d3b238d4dfb67f14a9b18f3449ab5975 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Wed, 25 Jul 2001 10:26:42 +0000 Subject: [PATCH] * rc_dfl.c (krb5_rc_io_fetch): Once length element read from cache, and verified to be positive, put into unsigned int variable for passing to other functions that expect such. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13638 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/rcache/ChangeLog | 6 ++++++ src/lib/krb5/rcache/rc_dfl.c | 15 ++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/lib/krb5/rcache/ChangeLog b/src/lib/krb5/rcache/ChangeLog index 36372cc03..103f9b5c7 100644 --- a/src/lib/krb5/rcache/ChangeLog +++ b/src/lib/krb5/rcache/ChangeLog @@ -1,3 +1,9 @@ +2001-07-24 Ezra Peisach + + * rc_dfl.c (krb5_rc_io_fetch): Once length element read from + cache, and verified to be positive, put into unsigned int variable + for passing to other functions that expect such. + 2001-07-04 Ezra Peisach * rc_io.c: Declare krb5_rc_io_open_internal static. diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c index 5225a64e1..589fcd383 100644 --- a/src/lib/krb5/rcache/rc_dfl.c +++ b/src/lib/krb5/rcache/rc_dfl.c @@ -312,18 +312,21 @@ static krb5_error_code krb5_rc_io_fetch(krb5_context context, struct dfl_data *t, krb5_donot_replay *rep, int maxlen) { - int len; + int len2; + unsigned int len; krb5_error_code retval; rep->client = rep->server = 0; - retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len, sizeof(len)); + retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2, + sizeof(len2)); if (retval) return retval; - if ((len <= 0) || (len >= maxlen)) + if ((len2 <= 0) || (len2 >= maxlen)) return KRB5_RC_IO_EOF; + len = len2; rep->client = malloc (len); if (!rep->client) return KRB5_RC_MALLOC; @@ -332,14 +335,16 @@ krb5_rc_io_fetch(krb5_context context, struct dfl_data *t, if (retval) goto errout; - retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len, sizeof(len)); + retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2, + sizeof(len2)); if (retval) goto errout; - if ((len <= 0) || (len >= maxlen)) { + if ((len2 <= 0) || (len2 >= maxlen)) { retval = KRB5_RC_IO_EOF; goto errout; } + len = len2; rep->server = malloc (len); if (!rep->server) { -- 2.26.2