You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2017/09/11 01:23:20 UTC
svn commit: r1807985 -
/santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
Author: scantor
Date: Mon Sep 11 01:23:20 2017
New Revision: 1807985
URL: http://svn.apache.org/viewvc?rev=1807985&view=rev
Log:
SANTUARIO-474 - Better overflow checking
Modified:
santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp?rev=1807985&r1=1807984&r2=1807985&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECSafeBuffer.cpp Mon Sep 11 01:23:20 2017
@@ -55,19 +55,19 @@ void safeBuffer::checkAndExpand(XMLSize_
// For a given size, check it will fit (with one byte spare)
// and expand if necessary
- if (size + 2 < bufferSize)
+ if (bufferSize >= 2 && size < bufferSize - 2) {
return;
+ }
- // Resize and add 1K for further growth
- XMLSize_t newBufferSize = size + 1024;
-
- // Did we overflow?
- if (size + 2 > newBufferSize) {
+ if (size > XMLSIZE_MAX - DEFAULT_SAFE_BUFFER_SIZE) {
/* We've got a string that's too big to deal with */
throw XSECException(XSECException::SafeBufferError,
"Buffer has grown too large");
}
+ // Resize and add 1K for further growth
+ XMLSize_t newBufferSize = size + DEFAULT_SAFE_BUFFER_SIZE;
+
unsigned char * newBuffer = new unsigned char[newBufferSize];
if (newBuffer == NULL)
{