diff --git a/harbour/ChangeLog b/harbour/ChangeLog
index df968b60c3..25b126051e 100644
--- a/harbour/ChangeLog
+++ b/harbour/ChangeLog
@@ -16,6 +16,15 @@ The license applies to all entries newer than 2009-04-28.
 */
+2012-01-03 15:40 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
+ * harbour/src/rtl/filebuf.c
+ ! fixed next three integer overflows exploited by HB64 locking mode.
+ BTW probably I'll move the lock range to not operate on last positive
+ offset because such overflow problems can be also exploited in low
+ level OS or network transport layer code - it happened in the past.
+ I'll do that when we confirm that current Harbour implementation
+ is correct.
+
 2012-01-03 10:39 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
 * harbour/src/rtl/filebuf.c
 ! fixed integer overflow in code scanning the lock pool.
diff --git a/harbour/src/rtl/filebuf.c b/harbour/src/rtl/filebuf.c
index 614f519650..d46ddd4813 100644
--- a/harbour/src/rtl/filebuf.c
+++ b/harbour/src/rtl/filebuf.c
@@ -233,7 +233,7 @@ static HB_BOOL hb_fileSetLock( PHB_FILE pFile, HB_BOOL * pfLockFS,
 if( uiPos < pFile->uiLocks )
 {
 PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
- if( nStart + nLen > pLock->start )
+ if( nStart + nLen - 1 >= pLock->start )
 return HB_FALSE;
 if( nStart + nLen == pLock->start )
 fRJoin = HB_TRUE;
@@ -278,7 +278,7 @@ static HB_BOOL hb_fileUnlock( PHB_FILE pFile, HB_BOOL * pfLockFS,
 {
 PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
 if( nStart >= pLock->start &&
- nStart + nLen <= pLock->start + pLock->len )
+ nStart + nLen - 1 <= pLock->start + pLock->len - 1 )
 {
 if( pfLockFS && pFile->shared )
 * pfLockFS = HB_TRUE;
@@ -316,7 +316,7 @@ static HB_BOOL hb_fileTestLock( PHB_FILE pFile,
 if( uiPos < pFile->uiLocks )
 {
 PHB_FLOCK pLock = &pFile->pLocks[ uiPos ];
- if( nStart + nLen > pLock->start )
+ if( nStart + nLen - 1 >= pLock->start )
 return HB_TRUE;
 }
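Review bot: The new condition still evaluates the overflowing sum first, because `nStart + nLen - 1` groups as `(nStart + nLen) - 1`; if nStart and nLen are of a signed type (their declaration is not in the hunk) that intermediate overflow is undefined behaviour and an optimising compiler may fold the comparison back to its old form, so the HB64 top-of-range case the ChangeLog describes is only fixed where the type wraps. Grouping the subtraction with the length avoids the intermediate: `if( nStart + ( nLen - 1 ) >= pLock->start )` here, `nStart + ( nLen - 1 ) <= pLock->start + ( pLock->len - 1 )` in the hb_fileUnlock hunk, and the same change in the hb_fileTestLock hunk. The unchanged `if( nStart + nLen == pLock->start )` two lines below this change computes the same sum; control reaches it only when `nStart + nLen - 1 < pLock->start`, so `pLock->start - nStart == nLen` is an overflow-free equivalent. In the hb_fileUnlock hunk the two `- 1` terms cancel algebraically, so that comparison's correctness rests entirely on the wrap semantics of the offset type. hb_fileSetLock, hb_fileUnlock and hb_fileTestLock all start and end outside their hunks.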