diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-07-07 17:02:23 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2014-07-07 17:02:23 +0000 |
| commit | 9bd513215fe9094e683de9166a3a25f81fb82587 (patch) | |
| tree | 3265f18a3803d8597caada35f6975abd02986969 /usr.bin | |
| parent | c18b188abf739c0b21f32db7401e8384090bab80 (diff) | |
The type of iov_len is size_t so the comparison with < 0 does not
work. Do the length check before the subtraction.
Found by Christian Ehrhardt; OK markus@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/gzsig/ssh2.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr.bin/gzsig/ssh2.c b/usr.bin/gzsig/ssh2.c index 1d68f62640b..c022a06a29b 100644 --- a/usr.bin/gzsig/ssh2.c +++ b/usr.bin/gzsig/ssh2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.c,v 1.3 2009/07/12 18:04:03 jsg Exp $ */ +/* $OpenBSD: ssh2.c,v 1.4 2014/07/07 17:02:22 bluhm Exp $ */ /* * ssh2.c * @@ -87,9 +87,9 @@ _keyfromstr(char *str, int len) static int _read_int(struct iovec *iov, int *ival) { - iov->iov_len -= 4; - if (iov->iov_len < 0) + if (iov->iov_len < 4) return (-1); + iov->iov_len -= 4; *ival = GET_32BIT((u_char *)iov->iov_base); iov->iov_base = (u_char*)iov->iov_base + 4; @@ -102,9 +102,9 @@ _read_opaque(struct iovec *iov, u_char **buf, int *len) if (_read_int(iov, len) < 0 || *len < 0) return (-1); - iov->iov_len -= *len; - if (iov->iov_len < 0) + if (iov->iov_len < (size_t)*len) return (-1); + iov->iov_len -= *len; *buf = iov->iov_base; iov->iov_base = (u_char*)iov->iov_base + *len; |