On Tue, 2013-07-16 at 18:31 -0700, Luis R. Rodriguez wrote: > On Sun, Jun 30, 2013 at 4:49 PM, Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote: > > Add checks that: > > - Signature length does not exceed the file length (this was already > > checked, but did not account for signature lengths greater than 2 GB) > > - Database length is long enough for all structures we expect in it > > - Array length calculations will not overflow > > > > To keep these checks simple, change the types of array length and index > > variables to unsigned int (must be at least 32-bit, matching the file > > format) and the types of byte-length variables to size_t. > > > > Alexandre Rebert <alexandre@xxxxxxx> reported and provided a test case > > for the signature length issue; the others I found by inspection. > > > > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > > Thanks! Despite the fact you didn't resend for a wider review and I > would have preferred this split up into a few patches this has been > sitting on wireless-regdb for a while, so after my review I just > applied and pushed. Thanks again! Sorry about that - I was meaning to re-send but it never quite got to the top of my to-do list. Ben. -- Ben Hutchings Humans are not rational beings; they are rationalising beings.
Attachment:
signature.asc
Description: This is a digitally signed message part
