summaryrefslogtreecommitdiff
path: root/source4/libcli/raw
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2008-04-17 15:20:39 +0200
committerAndrew Tridgell <tridge@samba.org>2008-04-17 15:20:39 +0200
commit11703b298685c9984a6a3c3a64eddb8a1a516b90 (patch)
treee747019d16a998f1a61f28762b2aaaab673a0d08 /source4/libcli/raw
parent107ab090e23dfc517bc74bb553315cd3528e1f7d (diff)
downloadsamba-11703b298685c9984a6a3c3a64eddb8a1a516b90.tar.gz
samba-11703b298685c9984a6a3c3a64eddb8a1a516b90.tar.bz2
samba-11703b298685c9984a6a3c3a64eddb8a1a516b90.zip
fix the overflow/wrap checks in Samba4 for new gcc optimisation behavior
The approach I have used is as set out in https://www.securecoding.cert.org/confluence/display/seccode/ARR38-C.+Do+not+add+or+subtract+an+integer+to+a+pointer+if+the+resulting+value+does+not+refer+to+an+element+within+the+array (This used to be commit 92d5fb531db39be655f0cbd2d75b5f675a0a4cfa)
Diffstat (limited to 'source4/libcli/raw')
-rw-r--r--source4/libcli/raw/rawrequest.c6
-rw-r--r--source4/libcli/raw/rawtrans.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/source4/libcli/raw/rawrequest.c b/source4/libcli/raw/rawrequest.c
index a42c710547..ef856c6ea1 100644
--- a/source4/libcli/raw/rawrequest.c
+++ b/source4/libcli/raw/rawrequest.c
@@ -700,10 +700,10 @@ DATA_BLOB smbcli_req_pull_blob(struct request_bufinfo *bufinfo, TALLOC_CTX *mem_
static bool smbcli_req_data_oob(struct request_bufinfo *bufinfo, const uint8_t *ptr, uint32_t count)
{
/* be careful with wraparound! */
- if (ptr < bufinfo->data ||
- ptr >= bufinfo->data + bufinfo->data_size ||
+ if ((uintptr_t)ptr < (uintptr_t)bufinfo->data ||
+ (uintptr_t)ptr >= (uintptr_t)bufinfo->data + bufinfo->data_size ||
count > bufinfo->data_size ||
- ptr + count > bufinfo->data + bufinfo->data_size) {
+ (uintptr_t)ptr + count > (uintptr_t)bufinfo->data + bufinfo->data_size) {
return true;
}
return false;
diff --git a/source4/libcli/raw/rawtrans.c b/source4/libcli/raw/rawtrans.c
index 29881afd2b..0f15b2151b 100644
--- a/source4/libcli/raw/rawtrans.c
+++ b/source4/libcli/raw/rawtrans.c
@@ -40,10 +40,10 @@ static bool raw_trans_oob(struct smbcli_request *req,
ptr = req->in.hdr + offset;
/* be careful with wraparound! */
- if (ptr < req->in.data ||
- ptr >= req->in.data + req->in.data_size ||
+ if ((uintptr_t)ptr < (uintptr_t)req->in.data ||
+ (uintptr_t)ptr >= (uintptr_t)req->in.data + req->in.data_size ||
count > req->in.data_size ||
- ptr + count > req->in.data + req->in.data_size) {
+ (uintptr_t)ptr + count > (uintptr_t)req->in.data + req->in.data_size) {
return true;
}
return false;