On Mon, 1 Aug 2022 at 00:03, wrote:
>
> From: Corey Minyard
>
> In one case:
>
> memcpy(sid->inmsg + sid->inlen, buf, len);
>
> if len == 0 then sid->inmsg + sig->inlen can point to one past the inmsg
> array if the array is full. We have to allow len == 0 due to some
> vagueness in the spec,
On Sun, Jul 31, 2022 at 06:02:46PM -0500, miny...@acm.org wrote:
> From: Corey Minyard
>
> In one case:
>
> memcpy(sid->inmsg + sid->inlen, buf, len);
>
> if len == 0 then sid->inmsg + sig->inlen can point to one past the inmsg
> array if the array is full. We have to allow len == 0 due to s
From: Corey Minyard
In one case:
memcpy(sid->inmsg + sid->inlen, buf, len);
if len == 0 then sid->inmsg + sig->inlen can point to one past the inmsg
array if the array is full. We have to allow len == 0 due to some
vagueness in the spec, but we don't have to call memcpy.
Found by Coverity.
