Use constrain_int() instead of MIN()+syshead.c compat definition - v2.

Reverts commit 15ca5c297b556fbb, instead change ssl_openssl.c to use
"constrain_int()", which already exists in "integer.h".

Using this instead of min_int() ensures that the result is always bounded
to 0...256 even in the case of a potential MAX_INT overflow.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1367826941-22412-1-git-send-email-gert@greenie.muc.de
URL: http://article.gmane.org/gmane.network.openvpn.devel/7586
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 79cc056e5f92197d111042f43a5997b8a5627648..c1b19dc2e9218d843b4912c269d01c2dd3539456 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -232,7 +232,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
           // %.*s format specifier expects length of type int, so guarantee
           // that length is small enough and cast to int.
           msg (M_WARN, "No valid translation found for TLS cipher '%.*s'",
-              (int) MIN(current_cipher_len, 256), current_cipher);
+                 constrain_int(current_cipher_len, 0, 256), current_cipher);
         }
       else
        {

diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 0c3e4ee5798e071d664d909f48f10a6beb089f4a..db02c237ed6ca728b05ff90783a0d0af921f8343 100644 (file)
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -398,13 +398,6 @@
 #define HAVE_GETTIMEOFDAY_NANOSECONDS 1
 #endif
 
-/*
- * do we have the MIN() macro?
- */
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
 /*
  * Do we have the capability to report extended socket errors?
  */