tree-wide: check result of iovec_total_size()

diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 041dc4821655dacca827e8ed6442c42eca850950..94be969f7f4206e5d7af9d720ece435ec7bb37da 100644 (file)
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -1498,9 +1498,6 @@ _public_ int sd_bus_message_append_string_iovec(
                 const struct iovec *iov,
                 unsigned n /* should be size_t, but is API now… 😞 */) {
 
-        size_t size;
-        unsigned i;
-        char *p;
         int r;
 
         assert_return(m, -EINVAL);
@@ -1508,13 +1505,16 @@ _public_ int sd_bus_message_append_string_iovec(
         assert_return(iov || n == 0, -EINVAL);
         assert_return(!m->poisoned, -ESTALE);
 
-        size = iovec_total_size(iov, n);
+        size_t size = iovec_total_size(iov, n);
+        if (size == SIZE_MAX)
+                return -ENOBUFS;
 
+        char *p;
         r = sd_bus_message_append_string_space(m, size, &p);
         if (r < 0)
                 return r;
 
-        for (i = 0; i < n; i++) {
+        for (unsigned i = 0; i < n; i++) {
 
                 if (iov[i].iov_base)
                         memcpy(p, iov[i].iov_base, iov[i].iov_len);
@@ -2160,9 +2160,6 @@ _public_ int sd_bus_message_append_array_iovec(
                 const struct iovec *iov,
                 unsigned n /* should be size_t, but is API now… 😞 */) {
 
-        size_t size;
-        unsigned i;
-        void *p;
         int r;
 
         assert_return(m, -EINVAL);
@@ -2171,13 +2168,16 @@ _public_ int sd_bus_message_append_array_iovec(
         assert_return(iov || n == 0, -EINVAL);
         assert_return(!m->poisoned, -ESTALE);
 
-        size = iovec_total_size(iov, n);
+        size_t size = iovec_total_size(iov, n);
+        if (size == SIZE_MAX)
+                return -ENOBUFS;
 
+        void *p;
         r = sd_bus_message_append_array_space(m, type, size, &p);
         if (r < 0)
                 return r;
 
-        for (i = 0; i < n; i++) {
+        for (unsigned i = 0; i < n; i++) {
 
                 if (iov[i].iov_base)
                         memcpy(p, iov[i].iov_base, iov[i].iov_len);

diff --git a/src/resolve/resolved-dnstls.c b/src/resolve/resolved-dnstls.c
index bfc6a72183199e691c87c77b307e351268b16048..042077ab066dd75b2954bfde74ad4ee2ed5fe941 100644 (file)
--- a/src/resolve/resolved-dnstls.c
+++ b/src/resolve/resolved-dnstls.c
@@ -317,29 +317,30 @@ static ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t co
 }
 
 ssize_t dnstls_stream_writev(DnsStream *stream, const struct iovec *iov, size_t iovcnt) {
-        _cleanup_free_ char *buf = NULL;
-        size_t count;
-
         assert(stream);
         assert(stream->encrypted);
         assert(stream->dnstls_data.ssl);
         assert(iov);
-        assert(iovec_total_size(iov, iovcnt) > 0);
+
+        size_t size = iovec_total_size(iov, iovcnt);
+        if (size == 0)
+                return -EINVAL;
+        if (size == SIZE_MAX)
+                return -ENOBUFS;
 
         if (iovcnt == 1)
                 return dnstls_stream_write(stream, iov[0].iov_base, iov[0].iov_len);
 
         /* As of now, OpenSSL cannot accumulate multiple writes, so join into a
            single buffer. Suboptimal, but better than multiple SSL_write calls. */
-        count = iovec_total_size(iov, iovcnt);
-        buf = new(char, count);
+        _cleanup_free_ char *buf = new(char, size);
         if (!buf)
                 return -ENOMEM;
 
         for (size_t i = 0, pos = 0; i < iovcnt; pos += iov[i].iov_len, i++)
                 memcpy(buf + pos, iov[i].iov_base, iov[i].iov_len);
 
-        return dnstls_stream_write(stream, buf, count);
+        return dnstls_stream_write(stream, buf, size);
 }
 
 ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) {