Following up on r1904715, rework the check to properly handle an

overflow when apr_size_t is 32-bit long. * network_io/win32/sendrecv.c (apr_socket_sendv): As above. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1904734 13f79535-47bb-0310-9956-ffa450edef68
author: Evgeny Kotkov <kotkov@apache.org> 2022-10-20 11:04:48 +0000
committer: Evgeny Kotkov <kotkov@apache.org> 2022-10-20 11:04:48 +0000
commit: 435c7fc0df79ccf0b36b966745d7e0c05538b32f (patch)
tree: aa15e433dad515707d11477b0d9a06414d6a4541
parent: b4d4a974aafb712f51cf6b9e480dd39010644474 (diff)
download: apr-435c7fc0df79ccf0b36b966745d7e0c05538b32f.tar.gz
1 files changed, 2 insertions, 7 deletions
diff --git a/network_io/win32/sendrecv.c b/network_io/win32/sendrecv.c
index e9c5a3952..b3e2a1c90 100644
--- a/network_io/win32/sendrecv.c
+++ b/network_io/win32/sendrecv.c
@@ -98,17 +98,12 @@ APR_DECLARE(apr_status_t) apr_socket_sendv(apr_socket_t *sock,
     total_len = 0;
     for (i = 0; i < in_vec; i++) {
         apr_size_t iov_len = vec[i].iov_len;
-        if (iov_len > MAXDWORD) {
-            /* WSASend() returns NumberOfBytesSent as DWORD, so any iovec
-               should be less than that. */
-            return APR_EINVAL;
-        }
-        total_len += iov_len;
-        if (total_len > MAXDWORD) {
+        if (iov_len > (apr_size_t)MAXDWORD - total_len) {
             /* WSASend() returns NumberOfBytesSent as DWORD, so the total size
                should be less than that. */
             return APR_EINVAL;
         }
+        total_len += iov_len;
     }
 
     pWsaBuf = (in_vec <= WSABUF_ON_STACK) ? _alloca(sizeof(WSABUF) * (in_vec))
author	Evgeny Kotkov <kotkov@apache.org>	2022-10-20 11:04:48 +0000
committer	Evgeny Kotkov <kotkov@apache.org>	2022-10-20 11:04:48 +0000
commit	435c7fc0df79ccf0b36b966745d7e0c05538b32f (patch)
tree	aa15e433dad515707d11477b0d9a06414d6a4541
parent	b4d4a974aafb712f51cf6b9e480dd39010644474 (diff)
download	apr-435c7fc0df79ccf0b36b966745d7e0c05538b32f.tar.gz