iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-05-18 07:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix an integer overflow bug in the DCC code

Browse Source 
The issue happened if off_t was a signed, 4 byte integer (x86). In this case
(off_t) 0xffffffff is -1 and a file size is always larger than -1 which
unconditionally caused the "File too large" error to trigger.

Thanks to [Deton8r] for reporting this bug and flakes for debugging it.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1568 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
psychon
2009-07-19 19:51:53 +00:00
parent dfce94e39f
commit 4495a6c2e0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
DCCSock.cpp
+2 -2
View File
@@ -186,8 +186,8 @@ CFile* CDCCSock::OpenFile(bool bWrite) {
// The DCC specs only allow file transfers with files smaller
// than 4GiB (see ReadData()).
off_t uFileSize = m_pFile->GetSize();
if (uFileSize > (off_t) 0xffffffff) {
unsigned long long uFileSize = m_pFile->GetSize();
if (uFileSize > (unsigned long long) 0xffffffff) {
delete m_pFile;
m_pFile = NULL;
m_pUser->PutModule(m_sModuleName, "DCC -> [" + m_sRemoteNick + "] - File too large (>4 GiB) [" + m_sLocalFile + "]");