diff options
author | Kevin McCarthy <kevin@8t8.us> | 2022-04-09 13:32:33 -0700 |
---|---|---|
committer | Kevin McCarthy <kevin@8t8.us> | 2022-04-12 11:07:34 -0700 |
commit | f82641352c6c0f1912c518875133a9b73a0e1f34 (patch) | |
tree | 9261b92befb8c51cb8be4665fe14293baa0ab457 /pgp.c | |
parent | 195bcad02535738e03788e34cdc3f1f0c842b6e1 (diff) |
Fix strlen() assigns to be of type size_t where obvious.
Ticket 405 had an almost-exploit enabled by sloppy assignment of
strlen(). There were more details involved, of course, but this
served as encouragement to clean up obvious "strlen assignment to int"
in the rest of the code.
Note this is not *all* cases, only those that were simple and obvious.
In some cases, the code assigns strlen() to an int but also uses that
variable to hold negative values for another reason. In other cases,
an API is involved (e.g. SASL) that make changing potentially
dangerous. And lastly, some functions were just a bit too complicated
to risk introducing a bug.
Diffstat (limited to 'pgp.c')
-rw-r--r-- | pgp.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -936,7 +936,7 @@ BODY *pgp_decrypt_part (BODY *a, STATE *s, FILE *fpout, BODY *p) FILE *pgpin, *pgpout, *pgperr, *pgptmp; struct stat info; BODY *tattach = NULL; - int len; + size_t len; BUFFER *pgperrfile = NULL, *pgptmpfile = NULL; pid_t thepid; int rv; |