[GNUnet-SVN] [libextractor] 05/06: fix looping in nsfe extractor for problematic chunksize in input file

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository libextractor.

commit ffab889c1710c7646af9ed360c796a2a0a619efc
Author: Christian Grothoff <address@hidden>
AuthorDate: Fri Oct 13 12:27:31 2017 +0200

    fix looping in nsfe extractor for problematic chunksize in input file
---
 ChangeLog                    | 3 +++
 src/plugins/nsfe_extractor.c | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ec2ebb21..73220830 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+Fri Oct 13 12:27:38 CEST 2017
+       Protect against problematic integer offset in NSFE plugin found by Leon 
Zhao. -CG
+
 Fri Oct 13 12:15:35 CEST 2017
        Protect against integer overflows in PNG plugin found by Leon Zhao. -CG
 
diff --git a/src/plugins/nsfe_extractor.c b/src/plugins/nsfe_extractor.c
index bde13153..6a8be86e 100644
--- a/src/plugins/nsfe_extractor.c
+++ b/src/plugins/nsfe_extractor.c
@@ -373,9 +373,9 @@ EXTRACTOR_nsfe_extract_method (struct 
EXTRACTOR_ExtractContext *ec)
                    8))
        break;
       chunksize = nsfeuint (data);
-      if (off + chunksize + 8 <= off)
+      if (off + chunksize + 8LLU <= off)
         break; /* protect against looping */
-      off += 8 + chunksize;
+      off += 8LLU + chunksize;
       if (0 == memcmp (data + 4, "INFO", 4))
         ret = info_extract (ec, chunksize);
       else if (0 == memcmp (data + 4, "auth", 4))

-- 
To stop receiving notification emails like this one, please contact
address@hidden