{
SilcBuffer tmpbuf = NULL;
unsigned char tmp[4], *str = NULL, *ret;
- int len;
+ SilcUInt32 len;
/* Encode according to attribute type */
if (flags & SILC_ATTRIBUTE_FLAG_VALID) {
case SILC_ATTRIBUTE_SERVICE:
{
SilcAttributeObjService *service = object;
- int len2;
+ SilcUInt32 len2;
if (object_size != sizeof(*service))
return NULL;
len = strlen(service->address);
case SILC_ATTRIBUTE_GEOLOCATION:
{
SilcAttributeObjGeo *geo = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*geo))
return NULL;
len1 = (geo->longitude ? strlen(geo->longitude) : 0);
case SILC_ATTRIBUTE_DEVICE_INFO:
{
SilcAttributeObjDevice *dev = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*dev))
return NULL;
len1 = (dev->manufacturer ? strlen(dev->manufacturer) : 0);
SilcBufferStruct buffer;
SilcDList list;
SilcAttributePayload newp;
- int len, ret;
+ SilcUInt32 len;
+ int ret;
SILC_LOG_DEBUG(("Parsing Attribute Payload list"));
if (ret == -1)
goto err;
- if (newp->data_len > buffer.len) {
+ if (newp->data_len > buffer.len - 4) {
SILC_LOG_ERROR(("Incorrect attribute payload in list"));
goto err;
}
SilcUInt32 data_len)
{
SilcBuffer buffer = attrs;
- int len;
+ SilcUInt32 len;
- len = 4 + data_len;
+ len = 4 + (SilcUInt16)data_len;
buffer = silc_buffer_realloc(buffer,
(buffer ? buffer->truelen + len : len));
if (!buffer)
SILC_STR_UI_CHAR(attribute),
SILC_STR_UI_CHAR(flags),
SILC_STR_UI_SHORT((SilcUInt16)data_len),
- SILC_STR_UI_XNSTRING(data, data_len),
+ SILC_STR_UI_XNSTRING(data, (SilcUInt16)data_len),
SILC_STR_END);
silc_buffer_push(buffer, buffer->data - buffer->head);
silc_buffer_unformat(&buffer,
SILC_STR_UI16_NSTRING_ALLOC(&pk->type, &len),
SILC_STR_END);
- if (res == -1)
+ if (res == -1 || len > buffer.len - 2)
break;
pk->data = silc_memdup(payload->data + 2 + len,
payload->data_len - 2 - len);