From c4d9aa9908c7551968660b34791f48cdbf6acb1f Mon Sep 17 00:00:00 2001
From: Arthur de Jong <arthur@arthurdejong.org>
Date: Wed, 14 Mar 2012 20:26:03 +0000
Subject: ensure that we don't try to read more than SSIZE_MAX bytes

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-pam-ldapd@1636 ef36b2f9-881f-0410-afb5-c4e39611909c
---
 common/tio.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'common/tio.c')

diff --git a/common/tio.c b/common/tio.c
index e323e1e..34002d4 100644
--- a/common/tio.c
+++ b/common/tio.c
@@ -2,7 +2,7 @@
    tio.c - timed io functions
    This file is part of the nss-pam-ldapd library.
 
-   Copyright (C) 2007, 2008, 2010 Arthur de Jong
+   Copyright (C) 2007, 2008, 2010, 2011, 2012 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -34,6 +34,7 @@
 #include <string.h>
 #include <signal.h>
 #include <stdio.h>
+#include <limits.h>
 
 #include "tio.h"
 
@@ -229,6 +230,7 @@ int tio_read(TFILE *fp, void *buf, size_t count)
   int rv;
   uint8_t *tmp;
   size_t newsz;
+  size_t len;
   /* have a more convenient storage type for the buffer */
   uint8_t *ptr=(uint8_t *)buf;
   /* build a time by which we should be finished */
@@ -293,7 +295,12 @@ int tio_read(TFILE *fp, void *buf, size_t count)
     if (tio_select(fp,1,&deadline))
       return -1;
     /* read the input in the buffer */
-    rv=read(fp->fd,fp->readbuffer.buffer+fp->readbuffer.start,fp->readbuffer.size-fp->readbuffer.start);
+    len=fp->readbuffer.size-fp->readbuffer.start;
+#ifdef SSIZE_MAX
+    if (len>SSIZE_MAX)
+      len=SSIZE_MAX;
+#endif /* SSIZE_MAX */
+    rv=read(fp->fd,fp->readbuffer.buffer+fp->readbuffer.start,len);
     /* check for errors */
     if (rv==0)
     {
-- 
cgit v1.2.3