Fix buffer overflow check.

author: Rob Austein <sra@hactrn.net> 2016-07-07 17:18:37 -0400
committer: Rob Austein <sra@hactrn.net> 2016-07-07 17:18:37 -0400
commit: 2104d642bb86f27747107cb8e777739dc215b1f4 (patch)
tree: cad3ac5ae3368083d411496ba978b2431cfb1c68 /xdr.c
parent: db595b9c0c69c0dc43aeb78ecc16f8e3f6f058f3 (diff)
1 files changed, 15 insertions, 8 deletions
diff --git a/xdr.c b/xdr.c
index 27b8593..0f172fb 100644
--- a/xdr.c
+++ b/xdr.c
@@ -165,21 +165,28 @@ hal_error_t hal_xdr_decode_buffer_in_place(const uint8_t **inbuf, const uint8_t
  */
 hal_error_t hal_xdr_decode_buffer(const uint8_t **inbuf, const uint8_t * const limit, uint8_t * const value, uint32_t * const len)
 {
+    if (inbuf == NULL || value == NULL || len == NULL)
+        return HAL_ERROR_BAD_ARGUMENTS;
+
     hal_error_t ret;
     const uint8_t *vptr;
     const uint8_t *orig_inbuf = *inbuf;
     uint32_t xdr_len;
 
-    if ((ret = hal_xdr_decode_buffer_in_place(inbuf, limit, &vptr, &xdr_len)) == HAL_OK) {
-	*len = xdr_len;
-	if (*len < xdr_len) {
-	    /* user buffer is too small, undo read of length */
-	    *inbuf = orig_inbuf;
-	    return HAL_ERROR_XDR_BUFFER_OVERFLOW;
-	}
+    if ((ret = hal_xdr_decode_buffer_in_place(inbuf, limit, &vptr, &xdr_len)) != HAL_OK)
+        return ret;
 
-        memcpy(value, vptr, *len);
+    if (*len < xdr_len) {
+        /* user buffer is too small, undo read of length */
+        *inbuf = orig_inbuf;
+	ret = HAL_ERROR_XDR_BUFFER_OVERFLOW;
     }
+    else {
+        memcpy(value, vptr, xdr_len);
+    }
+
+    *len = xdr_len;
+
     return ret;
 }
author	Rob Austein <sra@hactrn.net>	2016-07-07 17:18:37 -0400
committer	Rob Austein <sra@hactrn.net>	2016-07-07 17:18:37 -0400
commit	2104d642bb86f27747107cb8e777739dc215b1f4 (patch)
tree	cad3ac5ae3368083d411496ba978b2431cfb1c68 /xdr.c
parent	db595b9c0c69c0dc43aeb78ecc16f8e3f6f058f3 (diff)