[packages/libtirpc.git] / libtirpc-xdr_string.patch

diff --git a/src/xdr.c b/src/xdr.c
index 764c30f..292723b 100644
--- a/src/xdr.c
+++ b/src/xdr.c
@@ -669,6 +669,8 @@ xdr_string(xdrs, cpp, maxsize)
 		}
 		/* FALLTHROUGH */
 	case XDR_ENCODE:
+		if (sp == NULL)
+			return FALSE;
 		size = strlen(sp);
 		break;
 	case XDR_DECODE:
@@ -681,6 +683,13 @@ xdr_string(xdrs, cpp, maxsize)
 		return (FALSE);
 	}
 	nodesize = size + 1;
+	if (nodesize == 0) {
+		/* This means an overflow.  It a bug in the caller which
+		 * provided a too large maxsize but nevertheless catch it
+		 * here.
+		 */
+		return FALSE;
+	}
 
 	/*
 	 * now deal with the actual bytes
@@ -688,9 +697,6 @@ xdr_string(xdrs, cpp, maxsize)
 	switch (xdrs->x_op) {
 
 	case XDR_DECODE:
-		if (nodesize == 0) {
-			return (TRUE);
-		}
 		if (sp == NULL)
 			*cpp = sp = mem_alloc(nodesize);
 		if (sp == NULL) {
Commit	Line	Data
7fc65fb9 JR	1	diff --git a/src/xdr.c b/src/xdr.c
	2	index 764c30f..292723b 100644
	3	--- a/src/xdr.c
	4	+++ b/src/xdr.c
	5	@@ -669,6 +669,8 @@ xdr_string(xdrs, cpp, maxsize)
	6	}
	7	/* FALLTHROUGH */
	8	case XDR_ENCODE:
	9	+ if (sp == NULL)
	10	+ return FALSE;
	11	size = strlen(sp);
	12	break;
	13	case XDR_DECODE:
	14	@@ -681,6 +683,13 @@ xdr_string(xdrs, cpp, maxsize)
	15	return (FALSE);
	16	}
	17	nodesize = size + 1;
	18	+ if (nodesize == 0) {
	19	+ /* This means an overflow. It a bug in the caller which
	20	+ * provided a too large maxsize but nevertheless catch it
	21	+ * here.
	22	+ */
	23	+ return FALSE;
	24	+ }
	25
	26	/*
	27	* now deal with the actual bytes
	28	@@ -688,9 +697,6 @@ xdr_string(xdrs, cpp, maxsize)
	29	switch (xdrs->x_op) {
	30
	31	case XDR_DECODE:
	32	- if (nodesize == 0) {
	33	- return (TRUE);
	34	- }
	35	if (sp == NULL)
	36	*cpp = sp = mem_alloc(nodesize);
	37	if (sp == NULL) {