On Thu, Nov 20, 2014 at 23:16, patrick keshishian wrote:
> > any concern over 'u_int i' vs 'size_t len' type-mismatch?
Yes. There are a few instances where u_int is used in place of size_t. Another instance where off_t is cast down to u_int. Even if it can't overflow, the safer idiom is to cast up. Some of this code is copied from relayd; diff below is for both. Index: httpd/config.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/config.c,v retrieving revision 1.22 diff -u -p -r1.22 config.c --- httpd/config.c 5 Sep 2014 10:04:20 -0000 1.22 +++ httpd/config.c 21 Nov 2014 19:34:42 -0000 @@ -346,7 +346,7 @@ config_getserver(struct httpd *env, stru /* Reset these variables to avoid free'ing invalid pointers */ serverconfig_reset(&srv_conf); - if ((u_int)(IMSG_DATA_SIZE(imsg) - s) < + if ((off_t)(IMSG_DATA_SIZE(imsg) - s) < (srv_conf.ssl_cert_len + srv_conf.ssl_key_len)) { log_debug("%s: invalid message length", __func__); goto fail; Index: httpd/httpd.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v retrieving revision 1.24 diff -u -p -r1.24 httpd.c --- httpd/httpd.c 11 Nov 2014 15:54:45 -0000 1.24 +++ httpd/httpd.c 21 Nov 2014 19:32:18 -0000 @@ -493,7 +493,7 @@ canonicalize_host(const char *host, char { struct sockaddr_in sin4; struct sockaddr_in6 sin6; - u_int i, j; + size_t i, j; size_t plen; char c; @@ -692,7 +692,7 @@ evbuffer_getline(struct evbuffer *evb) u_int8_t *ptr = EVBUFFER_DATA(evb); size_t len = EVBUFFER_LENGTH(evb); char *str; - u_int i; + size_t i; /* Safe version of evbuffer_readline() */ if ((str = get_string(ptr, len)) == NULL) Index: relayd/config.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/config.c,v retrieving revision 1.19 diff -u -p -r1.19 config.c --- relayd/config.c 19 Nov 2014 10:24:40 -0000 1.19 +++ relayd/config.c 21 Nov 2014 19:35:00 -0000 
@@ -912,7 +912,7 @@ config_getrelay(struct relayd *env, stru } } - if ((u_int)(IMSG_DATA_SIZE(imsg) - s) < + if ((off_t)(IMSG_DATA_SIZE(imsg) - s) < (rlay->rl_conf.ssl_cert_len + rlay->rl_conf.ssl_key_len + rlay->rl_conf.ssl_ca_len + Index: relayd/relayd.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relayd.c,v retrieving revision 1.132 diff -u -p -r1.132 relayd.c --- relayd/relayd.c 19 Nov 2014 10:24:40 -0000 1.132 +++ relayd/relayd.c 21 Nov 2014 19:37:30 -0000 @@ -1340,7 +1340,7 @@ canonicalize_host(const char *host, char { struct sockaddr_in sin4; struct sockaddr_in6 sin6; - u_int i, j; + size_t i, j; size_t plen; char c;
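Review bot: In httpd/config.c config_getserver(), the new (off_t) cast is applied to the already-computed IMSG_DATA_SIZE(imsg) - s, so it affects only how the result is compared, not how the subtraction is evaluated; if the subtraction is done in an unsigned type and s exceeds the data size, the wrapped value is what gets cast. The hunk also does not show the types of srv_conf.ssl_cert_len and srv_conf.ssl_key_len, and the comparison is a signed one only if they are signed and at least as wide as off_t. Suggest checking s against IMSG_DATA_SIZE(imsg) explicitly before subtracting, or recording the operand types in a comment next to the check.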
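Review bot: In relayd/config.c config_getrelay(), the right-hand side adds ssl_cert_len, ssl_key_len, ssl_ca_len and further terms, and that sum is not itself checked; widening the left side does not stop the sum from wrapping if the individual lengths are not bounded somewhere earlier. Suggest validating each length against the remaining size in turn, or adding a comment that says where they are bounded.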
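Review bot: In canonicalize_host() (both httpd/httpd.c and relayd/relayd.c), the new "size_t i, j;" sits directly above the existing "size_t plen;", so the three can share one declaration. The hunks do not show how i and j are used, so it is worth confirming that neither is passed to a %u format or compared against a signed value now that the type is wider.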
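The reply's point about casting up rather than down, shown as an added C example that is not part of the patch or of httpd/relayd. It assumes the lengths being compared are signed 64-bit values like off_t; the type names, function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumptions): off_t is modelled as int64_t and u_int as
 * uint32_t; data_size, consumed and need are constructed values. */
typedef int64_t  off64;
typedef uint32_t u_int32;

/* Old form: the difference is narrowed to 32 bits before the comparison.
 * Returns 1 if the message would be accepted, 0 if rejected. */
static int
accept_narrow(off64 data_size, off64 consumed, off64 need)
{
	if ((u_int32)(data_size - consumed) < need)
		return 0;
	return 1;
}

/* Patched form: the difference keeps its full signed width. */
static int
accept_wide(off64 data_size, off64 consumed, off64 need)
{
	if ((off64)(data_size - consumed) < need)
		return 0;
	return 1;
}

int
main(void)
{
	/* consumed runs past the end: the difference is -10 */
	printf("short  narrow=%d wide=%d\n",
	    accept_narrow(10, 20, 100), accept_wide(10, 20, 100));
	/* difference is 2^32 + 16: plenty of data, but the low 32 bits are 16 */
	printf("large  narrow=%d wide=%d\n",
	    accept_narrow(4294967312LL, 0, 100),
	    accept_wide(4294967312LL, 0, 100));
	/* ordinary case: 200 bytes left, 100 needed */
	printf("normal narrow=%d wide=%d\n",
	    accept_narrow(300, 100, 100), accept_wide(300, 100, 100));
	return 0;
}
```

With the narrowing cast a negative difference becomes a large positive value and the short message is accepted, while the widened comparison rejects it.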