On 06/01/2011 09:14 AM, Jan Friesse wrote:
> md->state_var.curlen theoretically could be sizeof(buf) so overflow
> could happen.
>
> Need REALLY proper review.
> Signed-off-by: Jan Friesse <jfrie...@redhat.com>
> ---
> exec/crypto.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/exec/crypto.c b/exec/crypto.c
> index 901797a..5e0e8a6 100644
> --- a/exec/crypto.c
> +++ b/exec/crypto.c
> @@ -287,6 +287,9 @@ int func_name (hash_state * md, const unsigned char *buf,
> unsigned long len)
> len -= block_size;
> \
> } else {
> \
> n = MIN(len, (block_size - md-> state_var .curlen));
> \
> + if (md-> state_var .curlen == sizeof(md-> state_var .buf)) {
> \
> + return CRYPT_INVALID_ARG;
> \
> + }
> \
> memcpy(md-> state_var .buf + md-> state_var.curlen, buf,
> (size_t)n); \
> md-> state_var .curlen += n;
> \
> buf += n;
> \
Not totally understanding how this macro works, we can ignore this
coverity error since I'd rather not break something just to fix a warning.
_______________________________________________
Openais mailing list
Openais@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/openais
