From: Gert Doering Date: Mon, 6 May 2013 07:55:41 +0000 (+0200) Subject: Use constrain_int() instead of MIN()+syshead.c compat definition - v2. X-Git-Tag: v2.4_alpha1~569 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd25aa66b76b82f335abbb7377c278a44da194ac;p=thirdparty%2Fopenvpn.git Use constrain_int() instead of MIN()+syshead.c compat definition - v2. Reverts commit 15ca5c297b556fbb, instead change ssl_openssl.c to use "constrain_int()", which already exists in "integer.h". Using this instead of min_int() ensures that the result is always bounded to 0...256 even in the case of a potential MAX_INT overflow. Signed-off-by: Gert Doering Acked-by: David Sommerseth Message-Id: 1367826941-22412-1-git-send-email-gert@greenie.muc.de URL: http://article.gmane.org/gmane.network.openvpn.devel/7586 Signed-off-by: David Sommerseth --- diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 79cc056e5..c1b19dc2e 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -232,7 +232,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) // %.*s format specifier expects length of type int, so guarantee // that length is small enough and cast to int. msg (M_WARN, "No valid translation found for TLS cipher '%.*s'", - (int) MIN(current_cipher_len, 256), current_cipher); + constrain_int(current_cipher_len, 0, 256), current_cipher); } else { diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 0c3e4ee57..db02c237e 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -398,13 +398,6 @@ #define HAVE_GETTIMEOFDAY_NANOSECONDS 1 #endif -/* - * do we have the MIN() macro? - */ -#ifndef MIN -#define MIN(a,b) (((a)<(b))?(a):(b)) -#endif - /* * Do we have the capability to report extended socket errors? */