Hallvard B Furuseth wrote:
Howard Chu writes:char buf[MYSIZE]; ber_len_t len; /* length of current buffer content */ struct berval *in; /* passed in, to be moved into buf */You just test: if ( in->bv_len> MYSIZE || in->bv_len + len> MYSIZE ) return FAIL;Except that in->bv_len + len can wrap around:-) In this case, use if ( in->bv_len> MYSIZE - len ) since len will be<= MYSIZE.
No. You missed the point. The first part of the if will catch an outsized in->bv_len. There is never wraparound on any real world buffer sizes. E.g. in a 32 bit platform you cannot have a 2GB data buffer because there's no address space left for the code or stack. Likewise for 64 bit.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
