2012-01-03 15:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)

* harbour/src/rtl/filebuf.c
    ! fixed the next three integer overflows exploited by HB64 locking mode.
      BTW, I'll probably move the lock range so that it does not operate on
      the last positive offset, because such overflow problems can also be
      exploited in low-level OS or network transport layer code - it has
      happened in the past.
      I'll do that once we confirm that the current Harbour implementation
      is correct.
Przemyslaw Czerpak
2012-01-03 14:41:08 +00:00
parent ff6a1d420f
commit accac7cd8e
2 changed files with 12 additions and 3 deletions


@@ -16,6 +16,15 @@
The license applies to all entries newer than 2009-04-28.
*/
2012-01-03 15:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* harbour/src/rtl/filebuf.c
! fixed next three integer overflows exploited by HB64 locking mode.
BTW probably I'll move the lock range to not operate on last positive
offset because such overflow problems can be also exploited in low
level OS or network transport layer code - it happened in the past.
I'll do that when we confirm that current Harbour implementation
is correct.
2012-01-03 10:39 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
* harbour/src/rtl/filebuf.c
! fixed integer overflow in code scanning the lock pool.


@@ -233,7 +233,7 @@ static HB_BOOL hb_fileSetLock( PHB_FILE pFile, HB_BOOL * pfLockFS,
if( uiPos < pFile->uiLocks )
{
PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
if( nStart + nLen > pLock->start )
if( nStart + nLen - 1 >= pLock->start )
return HB_FALSE;
if( nStart + nLen == pLock->start )
fRJoin = HB_TRUE;
@@ -278,7 +278,7 @@ static HB_BOOL hb_fileUnlock( PHB_FILE pFile, HB_BOOL * pfLockFS,
{
PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
if( nStart >= pLock->start &&
nStart + nLen <= pLock->start + pLock->len )
nStart + nLen - 1 <= pLock->start + pLock->len - 1 )
{
if( pfLockFS && pFile->shared )
* pfLockFS = HB_TRUE;
@@ -316,7 +316,7 @@ static HB_BOOL hb_fileTestLock( PHB_FILE pFile,
if( uiPos < pFile->uiLocks )
{
PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
if( nStart + nLen > pLock->start )
if( nStart + nLen - 1 >= pLock->start )
return HB_TRUE;
}