aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuy Harris <guy@alum.mit.edu>2019-10-03 17:29:04 -0700
committerGuy Harris <guy@alum.mit.edu>2019-10-03 17:29:04 -0700
commit432b46e390402acc684c9ae26e44a21c97f143dd (patch)
tree2dc2f8bda94c787772787956d3e3031030882aa4
parentbefdfc048cfe3c0af0a51e411a7a1300c8a1ea4e (diff)
Do the 32-bit overflow check more cleanly.
-rw-r--r--rpcapd/daemon.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 18923d81..51ed295d 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1574,17 +1574,17 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
/*
* Make sure that the reply length won't overflow 32 bits if we add the
* specified amount to it. If it won't, add that amount to it.
+ *
+ * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
+ * from both sides, to prevent overflow.
*/
-#define CHECK_AND_INCREASE_REPLY_LEN(itemlen) { \
- size_t replylen_before = replylen; \
-\
- replylen += (uint32)(itemlen); \
- if (replylen < replylen_before) { \
+#define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
+ if (replylen > UINT32_MAX - (itemlen)) { \
pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
sizeof (errmsgbuf)); \
goto error; \
} \
-}
+ replylen += (uint32)(itemlen);
static int
daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)