[Secztn] Fix integer overflow check in DecodeUrl()

Using pointers in expressions that may cause overflow leads to undefined behavior. See also https://lwn.net/Articles/278137/
amadio · Nov 26, 2024 · 58bb106 · 58bb106
1 parent c3b458a
commit 58bb106
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/XrdSecztn/XrdSecztn.cc b/src/XrdSecztn/XrdSecztn.cc
@@ -28,6 +28,7 @@
 #include <cstdint>
 #include <cstdlib>
 #include <cstring>
+#include <limits>
 
 #ifndef __FreeBSD__
 #include <alloca.h>
@@ -81,7 +82,10 @@ namespace
 int DecodeUrl(const char *decode, size_t num_decode, char *out, size_t &num_out)
 {
   // No integer overflows please.
-  if ((decode + num_decode) < decode || (out + num_out) < out)
+  if (num_decode > std::numeric_limits<size_t>::max() - (size_t)decode)
+    return 1;
+
+  if (num_out > std::numeric_limits<size_t>::max() - (size_t)out)
     return 1;
 
   if (num_out < DecodeBytesNeeded(num_decode))