[packages/dietlibc.git] / dietlibc-xdrmem-overflow.patch

--- dietlibc-0.12.orig/librpc/xdr_mem.c
+++ dietlibc-0.12/librpc/xdr_mem.c
@@ -48,13 +48,13 @@
 #include <netinet/in.h>
 #include <string.h>
 
-static bool_t xdrmem_getlong();
-static bool_t xdrmem_putlong();
+static bool_t xdrmem_getlong(XDR*, long*);
+static bool_t xdrmem_putlong(XDR*, const long*);
 static bool_t xdrmem_getbytes();
 static bool_t xdrmem_putbytes();
 static unsigned int xdrmem_getpos();
 static bool_t xdrmem_setpos();
-static int32_t *xdrmem_inline();
+static int32_t *xdrmem_inline(XDR*, unsigned int);
 static void xdrmem_destroy();
 
 static struct xdr_ops xdrmem_ops = {
@@ -94,54 +94,41 @@
 register XDR *xdrs;
 long *lp;
 {
+  if (xdrs->x_handy < 4) return FALSE;
+  xdrs->x_handy -= 4;
 
-	if ((xdrs->x_handy -= sizeof(long)) < 0)
-		return (FALSE);
-
-	*lp = (long) ntohl((unsigned long) (*((long *) (xdrs->x_private))));
-	xdrs->x_private += sizeof(long);
-
-	return (TRUE);
+  *lp = (int32_t) ntohl((*((int32_t *) (xdrs->x_private))));
+  xdrs->x_private += 4;
+  return TRUE;
 }
 
-static bool_t xdrmem_putlong(xdrs, lp)
-register XDR *xdrs;
-long *lp;
+static bool_t xdrmem_putlong(XDR* xdrs, const long* lp)
 {
+  if (xdrs->x_handy < 4) return FALSE;
+  xdrs->x_handy -= 4;
 
-	if ((xdrs->x_handy -= sizeof(long)) < 0)
-		return (FALSE);
-
-	*(long *) xdrs->x_private = (long) htonl((unsigned long) (*lp));
-	xdrs->x_private += sizeof(long);
+  *(int32_t *) xdrs->x_private = htonl(*lp);
+  xdrs->x_private += sizeof(long);
 
-	return (TRUE);
+  return (TRUE);
 }
 
-static bool_t xdrmem_getbytes(xdrs, addr, len)
-register XDR *xdrs;
-char* addr;
-register unsigned int len;
+static bool_t xdrmem_getbytes(XDR* xdrs, char* addr, unsigned int len)
 {
-
-	if ((xdrs->x_handy -= len) < 0)
-		return (FALSE);
-	memmove(addr, xdrs->x_private, len);
-	xdrs->x_private += len;
-	return (TRUE);
+  if (xdrs->x_handy < len) return FALSE;
+  xdrs->x_handy -= len;
+  memmove(addr, xdrs->x_private, len);
+  xdrs->x_private += len;
+  return TRUE;
 }
 
-static bool_t xdrmem_putbytes(xdrs, addr, len)
-register XDR *xdrs;
-char* addr;
-register unsigned int len;
+static bool_t xdrmem_putbytes(XDR* xdrs, char* addr, unsigned int len)
 {
-
-	if ((xdrs->x_handy -= len) < 0)
-		return (FALSE);
-	memmove(xdrs->x_private, addr, len);
-	xdrs->x_private += len;
-	return (TRUE);
+  if (xdrs->x_handy < len) return FALSE;
+  xdrs->x_handy -= len;
+  memmove(xdrs->x_private, addr, len);
+  xdrs->x_private += len;
+  return (TRUE);
 }
 
 static unsigned int xdrmem_getpos(xdrs)
@@ -155,19 +142,19 @@
 register XDR *xdrs;
 unsigned int pos;
 {
-	register char* newaddr = xdrs->x_base + pos;
-	register char* lastaddr = xdrs->x_private + xdrs->x_handy;
+  register char* newaddr = xdrs->x_base + pos;
+  register char* lastaddr = xdrs->x_private + xdrs->x_handy;
 
-	if ((long) newaddr > (long) lastaddr)
-		return (FALSE);
-	xdrs->x_private = newaddr;
-	xdrs->x_handy = (int) lastaddr - (int) newaddr;
-	return (TRUE);
+  if ((long) newaddr > (long) lastaddr || (long)newaddr<(long)xdrs->x_base)
+	  return (FALSE);
+  xdrs->x_private = newaddr;
+  xdrs->x_handy = (int) lastaddr - (int) newaddr;
+  return (TRUE);
 }
 
 static int32_t *xdrmem_inline(xdrs, len)
 register XDR *xdrs;
-int len;
+unsigned int len;
 {
 	int32_t *buf = 0;
 
--- dietlibc-0.12.orig/librpc/xdr_rec.c
+++ dietlibc-0.12/librpc/xdr_rec.c
@@ -458,9 +458,7 @@
 	return (FALSE);
 }
 
-static int32_t *xdrrec_inline(xdrs, len)
-register XDR *xdrs;
-int len;
+static int32_t *xdrrec_inline(XDR* xdrs, unsigned int len)
 {
 	register RECSTREAM *rstrm = (RECSTREAM *) xdrs->x_private;
 	int32_t *buf = NULL;
--- dietlibc-0.12.orig/librpc/xdr_stdio.c
+++ dietlibc-0.12/librpc/xdr_stdio.c
@@ -169,9 +169,7 @@
 			FALSE : TRUE);
 }
 
-static int32_t *xdrstdio_inline(xdrs, len)
-XDR *xdrs;
-unsigned int len;
+static int32_t *xdrstdio_inline(XDR* xdrs, unsigned int len)
 {
 
 	/*
--- dietlibc-0.12.orig/include/rpc/xdr.h
+++ dietlibc-0.12/include/rpc/xdr.h
@@ -126,7 +126,7 @@
 	/* returns bytes off from beginning */
 	bool_t (*x_setpostn) (XDR *__xdrs, unsigned int __pos);
 	/* lets you reposition the stream */
-	int32_t *(*x_inline) (XDR *__xdrs, int __len);
+	int32_t *(*x_inline) (XDR *__xdrs, unsigned int __len);
 	/* buf quick ptr to buffered data */
 	void (*x_destroy) (XDR *__xdrs);
 	/* free privates of this xdr_stream */
@@ -139,7 +139,7 @@
     char* x_public;		/* users' data */
     char* x_private;		/* pointer to private data */
     char* x_base;		/* private used for position info */
-    int x_handy;		/* extra private word */
+    unsigned int x_handy;	/* extra private word */
   };
 
 /*
Commit	Line	Data
155d61cb JB	1	--- dietlibc-0.12.orig/librpc/xdr_mem.c
	2	+++ dietlibc-0.12/librpc/xdr_mem.c
	3	@@ -48,13 +48,13 @@
	4	#include <netinet/in.h>
	5	#include <string.h>
	6
	7	-static bool_t xdrmem_getlong();
	8	-static bool_t xdrmem_putlong();
	9	+static bool_t xdrmem_getlong(XDR, long);
	10	+static bool_t xdrmem_putlong(XDR, const long);
	11	static bool_t xdrmem_getbytes();
	12	static bool_t xdrmem_putbytes();
	13	static unsigned int xdrmem_getpos();
	14	static bool_t xdrmem_setpos();
	15	-static int32_t *xdrmem_inline();
	16	+static int32_t xdrmem_inline(XDR, unsigned int);
	17	static void xdrmem_destroy();
	18
	19	static struct xdr_ops xdrmem_ops = {
	20	@@ -94,54 +94,41 @@
	21	register XDR *xdrs;
	22	long *lp;
	23	{
	24	+ if (xdrs->x_handy < 4) return FALSE;
	25	+ xdrs->x_handy -= 4;
	26
	27	- if ((xdrs->x_handy -= sizeof(long)) < 0)
	28	- return (FALSE);
	29	-
	30	- lp = (long) ntohl((unsigned long) (((long *) (xdrs->x_private))));
	31	- xdrs->x_private += sizeof(long);
	32	-
	33	- return (TRUE);
	34	+ lp = (int32_t) ntohl((((int32_t *) (xdrs->x_private))));
	35	+ xdrs->x_private += 4;
	36	+ return TRUE;
	37	}
	38
	39	-static bool_t xdrmem_putlong(xdrs, lp)
	40	-register XDR *xdrs;
	41	-long *lp;
	42	+static bool_t xdrmem_putlong(XDR* xdrs, const long* lp)
	43	{
	44	+ if (xdrs->x_handy < 4) return FALSE;
	45	+ xdrs->x_handy -= 4;
	46
	47	- if ((xdrs->x_handy -= sizeof(long)) < 0)
	48	- return (FALSE);
	49	-
	50	- (long ) xdrs->x_private = (long) htonl((unsigned long) (*lp));
	51	- xdrs->x_private += sizeof(long);
	52	+ (int32_t ) xdrs->x_private = htonl(*lp);
	53	+ xdrs->x_private += sizeof(long);
	54
	55	- return (TRUE);
	56	+ return (TRUE);
	57	}
	58
	59	-static bool_t xdrmem_getbytes(xdrs, addr, len)
	60	-register XDR *xdrs;
	61	-char* addr;
	62	-register unsigned int len;
	63	+static bool_t xdrmem_getbytes(XDR* xdrs, char* addr, unsigned int len)
	64	{
65	-
66	- if ((xdrs->x_handy -= len) < 0)
67	- return (FALSE);
68	- memmove(addr, xdrs->x_private, len);
69	- xdrs->x_private += len;
70	- return (TRUE);
71	+ if (xdrs->x_handy < len) return FALSE;
72	+ xdrs->x_handy -= len;
73	+ memmove(addr, xdrs->x_private, len);
74	+ xdrs->x_private += len;
75	+ return TRUE;
76	}
77
78	-static bool_t xdrmem_putbytes(xdrs, addr, len)
79	-register XDR *xdrs;
80	-char* addr;
81	-register unsigned int len;
82	+static bool_t xdrmem_putbytes(XDR* xdrs, char* addr, unsigned int len)
83	{
84	-
85	- if ((xdrs->x_handy -= len) < 0)
86	- return (FALSE);
87	- memmove(xdrs->x_private, addr, len);
88	- xdrs->x_private += len;
89	- return (TRUE);
90	+ if (xdrs->x_handy < len) return FALSE;
91	+ xdrs->x_handy -= len;
92	+ memmove(xdrs->x_private, addr, len);
93	+ xdrs->x_private += len;
94	+ return (TRUE);
95	}
96
97	static unsigned int xdrmem_getpos(xdrs)
98	@@ -155,19 +142,19 @@
99	register XDR *xdrs;
100	unsigned int pos;
101	{
102	- register char* newaddr = xdrs->x_base + pos;
103	- register char* lastaddr = xdrs->x_private + xdrs->x_handy;
104	+ register char* newaddr = xdrs->x_base + pos;
105	+ register char* lastaddr = xdrs->x_private + xdrs->x_handy;
106
107	- if ((long) newaddr > (long) lastaddr)
108	- return (FALSE);
109	- xdrs->x_private = newaddr;
110	- xdrs->x_handy = (int) lastaddr - (int) newaddr;
111	- return (TRUE);
112	+ if ((long) newaddr > (long) lastaddr \|\| (long)newaddr<(long)xdrs->x_base)
113	+ return (FALSE);
114	+ xdrs->x_private = newaddr;
115	+ xdrs->x_handy = (int) lastaddr - (int) newaddr;
116	+ return (TRUE);
117	}
118
119	static int32_t *xdrmem_inline(xdrs, len)
120	register XDR *xdrs;
121	-int len;
122	+unsigned int len;
123	{
124	int32_t *buf = 0;
125
126	--- dietlibc-0.12.orig/librpc/xdr_rec.c
127	+++ dietlibc-0.12/librpc/xdr_rec.c
128	@@ -458,9 +458,7 @@
129	return (FALSE);
130	}
131
132	-static int32_t *xdrrec_inline(xdrs, len)
133	-register XDR *xdrs;
134	-int len;
135	+static int32_t xdrrec_inline(XDR xdrs, unsigned int len)
136	{
137	register RECSTREAM rstrm = (RECSTREAM ) xdrs->x_private;
138	int32_t *buf = NULL;
139	--- dietlibc-0.12.orig/librpc/xdr_stdio.c
140	+++ dietlibc-0.12/librpc/xdr_stdio.c
141	@@ -169,9 +169,7 @@
142	FALSE : TRUE);
143	}
144
145	-static int32_t *xdrstdio_inline(xdrs, len)
146	-XDR *xdrs;
147	-unsigned int len;
148	+static int32_t xdrstdio_inline(XDR xdrs, unsigned int len)
149	{
150
151	/*
152	--- dietlibc-0.12.orig/include/rpc/xdr.h
153	+++ dietlibc-0.12/include/rpc/xdr.h
154	@@ -126,7 +126,7 @@
155	/* returns bytes off from beginning */
156	bool_t (x_setpostn) (XDR __xdrs, unsigned int __pos);
157	/* lets you reposition the stream */
158	- int32_t (x_inline) (XDR *__xdrs, int __len);
159	+ int32_t (x_inline) (XDR *__xdrs, unsigned int __len);
160	/* buf quick ptr to buffered data */
161	void (x_destroy) (XDR __xdrs);
162	/* free privates of this xdr_stream */
163	@@ -139,7 +139,7 @@
164	char* x_public; /* users' data */
165	char* x_private; /* pointer to private data */
166	char* x_base; /* private used for position info */
167	- int x_handy; /* extra private word */
168	+ unsigned int x_handy; /* extra private word */
169	};
170
171	/*