[Cryptech-Commits] [sw/libhal] branch master updated: Fix buffer overflow check.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

The following commit(s) were added to refs/heads/master by this push:
       new  2104d64   Fix buffer overflow check.
2104d64 is described below

commit 2104d642bb86f27747107cb8e777739dc215b1f4
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu Jul 7 17:18:37 2016 -0400

    Fix buffer overflow check.
---
 xdr.c | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/xdr.c b/xdr.c
index 27b8593..0f172fb 100644
--- a/xdr.c
+++ b/xdr.c
@@ -165,21 +165,28 @@ hal_error_t hal_xdr_decode_buffer_in_place(const uint8_t **inbuf, const uint8_t
  */
 hal_error_t hal_xdr_decode_buffer(const uint8_t **inbuf, const uint8_t * const limit, uint8_t * const value, uint32_t * const len)
 {
+    if (inbuf == NULL || value == NULL || len == NULL)
+        return HAL_ERROR_BAD_ARGUMENTS;
+
     hal_error_t ret;
     const uint8_t *vptr;
     const uint8_t *orig_inbuf = *inbuf;
     uint32_t xdr_len;
 
-    if ((ret = hal_xdr_decode_buffer_in_place(inbuf, limit, &vptr, &xdr_len)) == HAL_OK) {
-	*len = xdr_len;
-	if (*len < xdr_len) {
-	    /* user buffer is too small, undo read of length */
-	    *inbuf = orig_inbuf;
-	    return HAL_ERROR_XDR_BUFFER_OVERFLOW;
-	}
+    if ((ret = hal_xdr_decode_buffer_in_place(inbuf, limit, &vptr, &xdr_len)) != HAL_OK)
+        return ret;
 
-        memcpy(value, vptr, *len);
+    if (*len < xdr_len) {
+        /* user buffer is too small, undo read of length */
+        *inbuf = orig_inbuf;
+	ret = HAL_ERROR_XDR_BUFFER_OVERFLOW;
     }
+    else {
+        memcpy(value, vptr, xdr_len);
+    }
+
+    *len = xdr_len;
+
     return ret;
 }
 

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.