/*
- silcattrs.c
+ silcattrs.c
Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2002 Pekka Riikonen
+ Copyright (C) 2002 - 2004 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
{
SilcBuffer tmpbuf = NULL;
unsigned char tmp[4], *str = NULL, *ret;
- int len;
+ SilcUInt32 len;
/* Encode according to attribute type */
if (flags & SILC_ATTRIBUTE_FLAG_VALID) {
case SILC_ATTRIBUTE_SERVICE:
{
SilcAttributeObjService *service = object;
- int len2;
+ SilcUInt32 len2;
if (object_size != sizeof(*service))
return NULL;
len = strlen(service->address);
case SILC_ATTRIBUTE_STATUS_MOOD:
case SILC_ATTRIBUTE_PREFERRED_CONTACT:
{
- SilcUInt32 mask = (SilcUInt32)object;
+ SilcUInt32 mask = SILC_PTR_TO_32(object);
if (object_size != sizeof(SilcUInt32))
return NULL;
SILC_PUT32_MSB(mask, tmp);
case SILC_ATTRIBUTE_GEOLOCATION:
{
SilcAttributeObjGeo *geo = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*geo))
return NULL;
len1 = (geo->longitude ? strlen(geo->longitude) : 0);
case SILC_ATTRIBUTE_DEVICE_INFO:
{
SilcAttributeObjDevice *dev = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*dev))
return NULL;
len1 = (dev->manufacturer ? strlen(dev->manufacturer) : 0);
SilcBufferStruct buffer;
SilcDList list;
SilcAttributePayload newp;
- int len, ret;
+ SilcUInt32 len;
+ int ret;
SILC_LOG_DEBUG(("Parsing Attribute Payload list"));
ret = silc_buffer_unformat(&buffer,
SILC_STR_UI_CHAR(&newp->attribute),
SILC_STR_UI_CHAR(&newp->flags),
- SILC_STR_UI16_NSTRING_ALLOC(&newp->data,
+ SILC_STR_UI16_NSTRING_ALLOC(&newp->data,
&newp->data_len),
SILC_STR_END);
if (ret == -1)
goto err;
- if (newp->data_len > buffer.len) {
+ if (newp->data_len > buffer.len - 4) {
SILC_LOG_ERROR(("Incorrect attribute payload in list"));
goto err;
}
silc_dlist_add(list, newp);
}
-
+
return list;
err:
SilcUInt32 data_len)
{
SilcBuffer buffer = attrs;
- int len;
+ SilcUInt32 len;
- len = 4 + data_len;
+ len = 4 + (SilcUInt16)data_len;
buffer = silc_buffer_realloc(buffer,
(buffer ? buffer->truelen + len : len));
if (!buffer)
return NULL;
silc_buffer_pull(buffer, buffer->len);
silc_buffer_pull_tail(buffer, len);
- silc_buffer_format(buffer,
+ silc_buffer_format(buffer,
SILC_STR_UI_CHAR(attribute),
SILC_STR_UI_CHAR(flags),
SILC_STR_UI_SHORT((SilcUInt16)data_len),
- SILC_STR_UI_XNSTRING(data, data_len),
+ SILC_STR_UI_XNSTRING(data, (SilcUInt16)data_len),
SILC_STR_END);
silc_buffer_push(buffer, buffer->data - buffer->head);
if (!data)
return NULL;
silc_buffer_set(&buffer, data + len, 4 + attr->data_len);
- silc_buffer_format(&buffer,
+ silc_buffer_format(&buffer,
SILC_STR_UI_CHAR(attr->attribute),
SILC_STR_UI_CHAR(attr->flags),
SILC_STR_UI_SHORT(attr->data_len),
silc_buffer_unformat(&buffer,
SILC_STR_UI16_NSTRING_ALLOC(&pk->type, &len),
SILC_STR_END);
- if (res == -1)
+ if (res == -1 || len > buffer.len - 2)
break;
pk->data = silc_memdup(payload->data + 2 + len,
payload->data_len - 2 - len);