diff options
| author | deraadt <> | 2014-06-01 15:10:53 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-06-01 15:10:53 +0000 |
| commit | 8651fd5ff025be46cca91efe623b138186b69326 (patch) | |
| tree | bc12934adc4c0e00a726ccf40c62146741fd5626 | |
| parent | 80aec33a6fd0623b001a8f27386db1459998842b (diff) | |
| download | openbsd-8651fd5ff025be46cca91efe623b138186b69326.tar.gz openbsd-8651fd5ff025be46cca91efe623b138186b69326.tar.bz2 openbsd-8651fd5ff025be46cca91efe623b138186b69326.zip | |
Commit this before the head-scratching leads to premature baldness:
memset(a->data, 0, (unsigned int)a->max);
but the decl is:
size_t max;
size_t could be larger than int, especially in some of the systems OpenSSL
purports to support.
How do _intentionally truncating_ casts like enter into a codebase?
Lack of understanding of C, at a minimum. Generally the objects are
small, but this code is _intentionally unready_ for large objects.
ok miod
| -rw-r--r-- | src/lib/libcrypto/buffer/buffer.c | 2 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/buffer/buffer.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c index 486d6fef14..71784693be 100644 --- a/src/lib/libcrypto/buffer/buffer.c +++ b/src/lib/libcrypto/buffer/buffer.c | |||
| @@ -88,7 +88,7 @@ BUF_MEM_free(BUF_MEM *a) | |||
| 88 | return; | 88 | return; |
| 89 | 89 | ||
| 90 | if (a->data != NULL) { | 90 | if (a->data != NULL) { |
| 91 | memset(a->data, 0, (unsigned int)a->max); | 91 | memset(a->data, 0, a->max); |
| 92 | free(a->data); | 92 | free(a->data); |
| 93 | } | 93 | } |
| 94 | free(a); | 94 | free(a); |
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c index 486d6fef14..71784693be 100644 --- a/src/lib/libssl/src/crypto/buffer/buffer.c +++ b/src/lib/libssl/src/crypto/buffer/buffer.c | |||
| @@ -88,7 +88,7 @@ BUF_MEM_free(BUF_MEM *a) | |||
| 88 | return; | 88 | return; |
| 89 | 89 | ||
| 90 | if (a->data != NULL) { | 90 | if (a->data != NULL) { |
| 91 | memset(a->data, 0, (unsigned int)a->max); | 91 | memset(a->data, 0, a->max); |
| 92 | free(a->data); | 92 | free(a->data); |
| 93 | } | 93 | } |
| 94 | free(a); | 94 | free(a); |