From: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Date: Mon, 22 Feb 2016 16:23:12 +0000 (+0100)
Subject: common/ConfUtils.cc: fix potential integer overflow
X-Git-Tag: v11.1.0~327^2~19
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=566c8e6b4b71b8b88a819e1274ed458c1751df10;p=ceph.git

common/ConfUtils.cc: fix potential integer overflow

Fix for:

CID 1128394 (#1 of 1): Integer overflowed argument (INTEGER_OVERFLOW)
 overflow: Add operation overflows on operands line_len and 1UL.
 overflow_assign: Assigning overflowed or truncated value (or a value
  computed from an overflowed or a truncated value) to rem.
 overflow_sink: Overflowed or truncated value (or a value computed from an
  overflowed or truncated value) rem used as critical argument to function.

Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
---

diff --git a/src/common/ConfUtils.cc b/src/common/ConfUtils.cc
index 1ae5df540889..84ff626c37b1 100644
--- a/src/common/ConfUtils.cc
+++ b/src/common/ConfUtils.cc
@@ -297,6 +297,8 @@ load_from_buffer(const char *buf, size_t sz, std::deque<std::string> *errors,
   size_t rem = sz;
   while (1) {
     b += line_len + 1;
+    if ((line_len + 1) > rem)
+      break;
     rem -= line_len + 1;
     if (rem == 0)
       break;