Hi,

On Wed, Mar 24, 2021 at 11:23:28PM +0100, Arne Schwabe wrote:
> diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
> index c19370eb..1e79ccc4 100644
> --- a/src/openvpn/dhcp.c
> +++ b/src/openvpn/dhcp.c
> @@ -113,7 +113,7 @@ do_extract(struct dhcp *dhcp, int optlen)
>                          const int owlen = len + 2;        /* len of data to 
> overwrite */
>                          uint8_t *src = dest + owlen;
>                          uint8_t *end = p + optlen;
> -                        const int movlen = end - src;
> +                        const size_t movlen = end - src;
>                          if (movlen > 0)
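Review bot: making `movlen` a `size_t` (the `+` line) defeats the `if (movlen > 0)` guard that follows it: should `src` ever lie past `end`, the negative pointer difference converts to a value near `SIZE_MAX`, which is `> 0`, so the move is attempted with that length instead of being skipped as the `int` version did. Keep the comparison signed and cast only where the length is consumed inside the guarded branch, e.g. `const ptrdiff_t movlen = end - src;` and `(size_t)movlen` in the body of the `if`; `ptrdiff_t` is the type the pointer subtraction actually produces, so it avoids the narrowing to `int` without losing the sign.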

This code scares me...  I think it is correct because of all these
checks around, but I like the version with a signed int really more
"should all these assumptions about i<optlen, len<=(room+2), .. no
longer hold, and movlen ever be negative, the old code would not
copy anything, and the new code would overwrite all memory".

Based on that, I'd do a "(size_t)movlen" cast here, if positive.


The rest of the patch looks good.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
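The signed-versus-unsigned point in the reply above, worked as a small added example in C. This is not code from the message or from OpenVPN: it borrows the names `p`, `optlen`, `dest`, `len`, `owlen`, `src`, `end` and `movlen` from the quoted hunk, but the function bodies and the two constructed buffers are hypothetical. It shows a well-formed option removal, then an input that violates the surrounding bounds assumptions so that `src` lands past `end`: the signed guard skips the move, while the same difference as `size_t` is a huge value that would pass `movlen > 0`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenVPN code. It models the tail move from the quoted
 * do_extract() hunk: an option of `len` data bytes plus a 2-byte header at
 * `dest` is removed by shifting everything between `src` and `end` down
 * over it. The names come from the hunk; the bodies and the buffers below
 * are hypothetical. */

/* Signed movlen: when the bounds assumptions break and src lands past end,
 * the difference is negative, the guard fails and nothing is moved. */
static bool
remove_option_signed(uint8_t *p, int optlen, uint8_t *dest, int len)
{
    const int owlen = len + 2;          /* len of data to overwrite */
    uint8_t *src = dest + owlen;
    uint8_t *end = p + optlen;
    const ptrdiff_t movlen = end - src; /* pointer difference is signed */
    if (movlen > 0)
    {
        memmove(dest, src, (size_t)movlen); /* cast only after the check */
        return true;
    }
    return false;
}

/* Unsigned movlen, as on the patched line: the same negative difference
 * converts to a value near SIZE_MAX, so `movlen > 0` holds and a move
 * would be attempted with that length. This variant returns the length
 * instead of moving, so the wrap is observable without touching memory. */
static size_t
movlen_unsigned(uint8_t *p, int optlen, uint8_t *dest, int len)
{
    const int owlen = len + 2;
    uint8_t *src = dest + owlen;
    uint8_t *end = p + optlen;
    const size_t movlen = (size_t)(end - src); /* -14 -> SIZE_MAX - 13 */
    return movlen;
}

/* Constructed well-formed case: 10-byte option area, option with 3 data
 * bytes at offset 2. Bytes 7..9 must end up at offsets 2..4. */
static bool
scenario_valid_layout(void)
{
    uint8_t buf[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
    if (!remove_option_signed(buf, 10, buf + 2, 3))
    {
        return false;
    }
    return buf[2] == 7 && buf[3] == 8 && buf[4] == 9;
}

/* Constructed broken case: len claims more data than the 16-byte option
 * area holds, so src (offset 8 + 22 = 30) is past end (offset 16). The
 * 64-byte backing buffer keeps the pointer arithmetic inside one object. */
static bool
scenario_signed_rejects_overlong_len(void)
{
    uint8_t buf[64] = {0};
    return remove_option_signed(buf, 16, buf + 8, 20) == false;
}

static size_t
scenario_unsigned_wraps(void)
{
    uint8_t buf[64] = {0};
    return movlen_unsigned(buf, 16, buf + 8, 20); /* (size_t)-14 */
}

int
main(void)
{
    printf("valid layout handled: %d\n", scenario_valid_layout());
    printf("signed guard rejects overlong len: %d\n",
           scenario_signed_rejects_overlong_len());
    printf("unsigned movlen for the same input: %zu (> 0: %d)\n",
           scenario_unsigned_wraps(), scenario_unsigned_wraps() > 0);
    return 0;
}
```

`ptrdiff_t` is what `end - src` yields in the first place, so using it keeps the sign for the comparison while still avoiding a narrowing to `int`; the `size_t` cast then happens exactly once, on a value already known to be positive.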


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
