mirror of
https://github.com/rkd77/elinks.git
synced 2025-01-03 14:57:44 -05:00
http_negotiate: Fix int* vs. size_t* type mismatch
http_negotiate_parse_data passed &token->length as the int *outlen parameter of base64_decode_bin, which stores an int at that location. However, gss_buffer_desc::length is size_t in all implementations that I checked: MIT Kerberos Version 5 Release 1.10, libgssglue 0.4, and GNU GSS 1.0.2. This mismatch could cause the build to fail: .../src/protocol/http/http_negotiate.c: In function ‘http_negotiate_parse_data’: .../src/protocol/http/http_negotiate.c:173:2: error: passing argument 3 of ‘base64_decode_bin’ from incompatible pointer type [-Werror] In file included from .../src/protocol/http/http_negotiate.c:30:0: .../src/util/base64.h:8:16: note: expected ‘int *’ but argument is of type ‘size_t *’ On 64-bit big-endian hosts, it might also cause the GSSAPI implementation to read too much data from memory and disclose it to some network server, or crash ELinks.
This commit is contained in:
parent
75e9367770
commit
d33c807dd9
@ -142,6 +142,7 @@ http_negotiate_parse_data(unsigned char *data, int type,
|
|||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
unsigned char *end;
|
unsigned char *end;
|
||||||
|
int bytelen = 0;
|
||||||
|
|
||||||
if (data == NULL || *data == '\0')
|
if (data == NULL || *data == '\0')
|
||||||
return 0;
|
return 0;
|
||||||
@ -170,7 +171,8 @@ http_negotiate_parse_data(unsigned char *data, int type,
|
|||||||
if (!len)
|
if (!len)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
token->value = (void *) base64_decode_bin(data, len, &token->length);
|
token->value = (void *) base64_decode_bin(data, len, &bytelen);
|
||||||
|
token->length = bytelen; /* convert int to size_t */
|
||||||
|
|
||||||
if (!token->value)
|
if (!token->value)
|
||||||
return -1;
|
return -1;
|
||||||
|
Loading…
Reference in New Issue
Block a user