summary refs log tree commit diff
path: root/sunrpc
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2003-04-05 22:24:12 +0000
committerUlrich Drepper <drepper@redhat.com>2003-04-05 22:24:12 +0000
commita9f17952b8655c981638b3243d795961538d8998 (patch)
tree41955a44c21beb8c9aacf5aedbe5d316035b8407 /sunrpc
parentabefbc51f4ea64c976501f518f28304c5c44f91b (diff)
downloadglibc-a9f17952b8655c981638b3243d795961538d8998.tar.gz
glibc-a9f17952b8655c981638b3243d795961538d8998.tar.xz
glibc-a9f17952b8655c981638b3243d795961538d8998.zip
Update.
	* sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].
Diffstat (limited to 'sunrpc')
-rw-r--r--sunrpc/xdr.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c
index dbe1d88e1f..d99a9985c4 100644
--- a/sunrpc/xdr.c
+++ b/sunrpc/xdr.c
@@ -704,6 +704,13 @@ xdr_string (xdrs, cpp, maxsize)
       return FALSE;
     }
   nodesize = size + 1;
+  if (nodesize == 0)
+    {
+      /* This means an overflow.  It a bug in the caller which
+	 provided a too large maxsize but nevertheless catch it
+	 here.  */
+      return FALSE;
+    }
 
   /*
    * now deal with the actual bytes
@@ -711,10 +718,6 @@ xdr_string (xdrs, cpp, maxsize)
   switch (xdrs->x_op)
     {
     case XDR_DECODE:
-      if (nodesize == 0)
-	{
-	  return TRUE;
-	}
       if (sp == NULL)
 	*cpp = sp = (char *) mem_alloc (nodesize);
       if (sp == NULL)