Update.

	* sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].

diff --git a/ChangeLog b/ChangeLog
index 33fac37..d637154 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2003-04-05  Ulrich Drepper  <drepper@redhat.com>
 
+       * sunrpc/xdr.c (xdr_string): Catch nodesize == 0 [PR libc/4999].
+
        * sysdeps/ieee754/ldbl-96/e_gammal_r.c (__ieee754_gammal_r):
        Always initialize *signgamp before returning an error.
 

diff --git a/sunrpc/xdr.c b/sunrpc/xdr.c
index dbe1d88..d99a998 100644 (file)
--- a/sunrpc/xdr.c
+++ b/sunrpc/xdr.c
@@ -704,6 +704,13 @@ xdr_string (xdrs, cpp, maxsize)
       return FALSE;
     }
   nodesize = size + 1;
+  if (nodesize == 0)
+    {
+      /* This means an overflow.  It a bug in the caller which
+        provided a too large maxsize but nevertheless catch it
+        here.  */
+      return FALSE;
+    }
 
   /*
    * now deal with the actual bytes
@@ -711,10 +718,6 @@ xdr_string (xdrs, cpp, maxsize)
   switch (xdrs->x_op)
     {
     case XDR_DECODE:
-      if (nodesize == 0)
-       {
-         return TRUE;
-       }
       if (sp == NULL)
        *cpp = sp = (char *) mem_alloc (nodesize);
       if (sp == NULL)