Tighten up a lot of casts from unsigned to int which are read by one

of the GET_32BIT macros and then used as length fields. Missing bounds checks against zero have been added, and also I've introduced a helper function toint() which casts from unsigned to int in such a way as to avoid C undefined behaviour, since I'm not sure I trust compilers any more to do the obviously sensible thing. [originally from svn r9918]
2025-07-01 03:22:48 -05:00 · 2013-07-14 10:45:54 +00:00
parent 1662a2f6cf
commit 896bb7c74d
11 changed files with 185 additions and 70 deletions
--- a/sshdss.c
+++ b/sshdss.c
@ -42,7 +42,7 @@ static void getstring(char **data, int *datalen, char **p, int *length)
    *p = NULL;
    if (*datalen < 4)
 	return;
-    *length = GET_32BIT(*data);
+    *length = toint(GET_32BIT(*data));
    if (*length < 0)
        return;
    *datalen -= 4;