From: Frank Lichtenheld <[email protected]> Since we translate between different APIs casts are unavoidable. Make sure they are safe.
Change-Id: If3331a2d0477634af077b4c29963dbec6d04e17b Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Arne Schwabe <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1296 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <[email protected]> diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 9afb181..14118a9 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -53,18 +53,17 @@ } #endif -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - static void -__mysleep(const unsigned long usec) +__mysleep(unsigned long usec) { #if defined(_WIN32) Sleep(usec / 1000); #else - usleep(usec); + if (usec > UINT_MAX) + { + usec = UINT_MAX; + } + usleep((useconds_t)usec); #endif } @@ -528,7 +527,13 @@ goto cleanup; } - if (openvpn_base64_encode(certificate_blob, certificate_blob_size, &internal_base64) == -1) + if (certificate_blob_size > INT_MAX) + { + msg(M_WARN, "PKCS#11: Invalid certificate size %zu", certificate_blob_size); + goto cleanup; + } + + if (openvpn_base64_encode(certificate_blob, (int)certificate_blob_size, &internal_base64) == -1) { msg(M_WARN, "PKCS#11: Cannot encode certificate"); goto cleanup; @@ -563,10 +568,6 @@ return success; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - int tls_ctx_use_pkcs11(struct tls_root_ctx *const ssl_ctx, bool pkcs11_id_management, const char *const pkcs11_id) _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
