From f7e4adb10bff1c278a8543b230b10881ff3799fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Tue, 9 May 2017 15:46:20 +0200 Subject: Avoid any potential int overflow --- src/network/poller.cpp | 6 +++++- src/network/tcp_socket_handler.cpp | 5 +++-- src/xmpp/xmpp_component.cpp | 7 +++++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/network/poller.cpp b/src/network/poller.cpp index ca49180..0f02cc5 100644 --- a/src/network/poller.cpp +++ b/src/network/poller.cpp @@ -200,7 +200,11 @@ int Poller::poll(const std::chrono::milliseconds& timeout) // Unblock all signals, only during the epoll_pwait call sigset_t empty_signal_set{}; sigemptyset(&empty_signal_set); - const int nb_events = ::epoll_pwait(this->epfd, revents, max_events, timeout.count(), + + int real_timeout = std::numeric_limits::max(); + if (timeout.count() < real_timeout) // Just avoid any potential int overflow + real_timeout = static_cast(timeout.count()); + const int nb_events = ::epoll_pwait(this->epfd, revents, max_events, real_timeout, &empty_signal_set); if (nb_events == -1) { diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp index 1bd5315..1049375 100644 --- a/src/network/tcp_socket_handler.cpp +++ b/src/network/tcp_socket_handler.cpp @@ -227,9 +227,10 @@ void TCPSocketHandler::consume_in_buffer(const std::size_t size) } #ifdef BOTAN_FOUND -void TCPSocketHandler::start_tls(const std::string& address, const std::string& port) +void TCPSocketHandler::start_tls(const std::string& address, const std::string& port_string) { - Botan::TLS::Server_Information server_info(address, "irc", std::stoul(port)); + auto port = std::min(std::stoul(port_string), static_cast(std::numeric_limits::max())); + Botan::TLS::Server_Information server_info(address, "irc", static_cast(port)); auto policy_directory = Config::get("policy_directory", utils::dirname(Config::get_filename())); if (!policy_directory.empty() && policy_directory[policy_directory.size()-1] != '/') policy_directory += '/'; diff --git a/src/xmpp/xmpp_component.cpp b/src/xmpp/xmpp_component.cpp index 35abbee..b138ed9 100644 --- a/src/xmpp/xmpp_component.cpp +++ b/src/xmpp/xmpp_component.cpp @@ -112,17 +112,20 @@ void XmppComponent::on_connection_close(const std::string& error) void XmppComponent::parse_in_buffer(const size_t size) { + // in_buf.size, or size, cannot be bigger than our read-size (4096) so it’s safe + // to cast. + if (!this->in_buf.empty()) { // This may happen if the parser could not allocate enough space for // us. We try to feed it the data that was read into our in_buf // instead. If this fails again we are in trouble. - this->parser.feed(this->in_buf.data(), this->in_buf.size(), false); + this->parser.feed(this->in_buf.data(), static_cast(this->in_buf.size()), false); this->in_buf.clear(); } else { // Just tell the parser to parse the data that was placed into the // buffer it provided to us with GetBuffer - this->parser.parse(size, false); + this->parser.parse(static_cast(size), false); } } -- cgit v1.2.3