Mercurial > pidgin

diff src/protocols/novell/nmconn.c @ 8753:c7e9687bfd79
[gaim-migrate @ 9508] " This patch fixes a possible integer overflow when allocating memory in nm_read_fields." --Mike Stoddard committer: Tailor Script <tailor@pidgin.im>
author: Luke Schierer <lschiere@pidgin.im>
date: Thu, 22 Apr 2004 04:44:41 +0000
parents: 046dd8ef2920
children: a2affcdf8e01
--- a/src/protocols/novell/nmconn.c	Thu Apr 22 04:43:22 2004 +0000
+++ b/src/protocols/novell/nmconn.c	Thu Apr 22 04:44:41 2004 +0000
@@ -486,7 +486,7 @@
 		return NMERR_BAD_PARM;
 
 	do {
-		if (count !=  -1) {
+		if (count > 0) {
 			count--;
 		}
 
@@ -537,17 +537,23 @@
 			if (rc != NM_OK)
 				break;
 
+			if (val >= NMFIELD_MAX_STR_LENGTH) {
+				rc = NMERR_PROTOCOL;
+				break;
+			}
+
 			if (val > 0) {
 				str = g_new0(char, val + 1);
 
 				rc = nm_read_all(conn, str, val);
 				if (rc != NM_OK)
 					break;
+
+				*fields = nm_add_field(*fields, tag, 0, method, 0,
+									   (guint32) str, type);
+				str = NULL;
 			}
 
-			*fields = nm_add_field(*fields, tag, 0, method, 0,
-								   (guint32) str, type);
-			str = NULL;
 		} else {
 
 			/* Read the numerical value */
author	Luke Schierer <lschiere@pidgin.im>
date	Thu, 22 Apr 2004 04:44:41 +0000
parents	046dd8ef2920
children	a2affcdf8e01