From a9f17952b8655c981638b3243d795961538d8998 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Sat, 5 Apr 2003 22:24:12 +0000
Subject: Update.

	* sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].
---
 sunrpc/xdr.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'sunrpc')

diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c
index dbe1d88e1f..d99a9985c4 100644
--- a/sunrpc/xdr.c
+++ b/sunrpc/xdr.c
@@ -704,6 +704,13 @@ xdr_string (xdrs, cpp, maxsize)
       return FALSE;
     }
   nodesize = size + 1;
+  if (nodesize == 0)
+    {
+      /* This means an overflow.  It a bug in the caller which
+	 provided a too large maxsize but nevertheless catch it
+	 here.  */
+      return FALSE;
+    }
 
   /*
    * now deal with the actual bytes
@@ -711,10 +718,6 @@ xdr_string (xdrs, cpp, maxsize)
   switch (xdrs->x_op)
     {
     case XDR_DECODE:
-      if (nodesize == 0)
-	{
-	  return TRUE;
-	}
       if (sp == NULL)
 	*cpp = sp = (char *) mem_alloc (nodesize);
       if (sp == NULL)
-- 
cgit 1.4.1