From 68acf8815c369e1bedfc0fa8f066975001803454 Mon Sep 17 00:00:00 2001
From: Klaus Schmidinger <vdr@tvdr.de>
Date: Fri, 23 Dec 2016 14:08:14 +0100
Subject: Fixed a possible buffer overflow in handling CA descriptors

---
 tools.c | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

(limited to 'tools.c')

diff --git a/tools.c b/tools.c
index adfff1c3..754673db 100644
--- a/tools.c
+++ b/tools.c
@@ -4,7 +4,7 @@
  * See the main source file 'vdr.c' for copyright information and
  * how to reach the author.
  *
- * $Id: tools.c 4.4 2015/09/10 13:17:55 kls Exp $
+ * $Id: tools.c 4.5 2016/12/23 14:03:40 kls Exp $
  */
 
 #include "tools.h"
@@ -2272,6 +2272,44 @@ void cListBase::Sort(void)
   free(a);
 }
 
+// --- cDynamicBuffer --------------------------------------------------------
+
+cDynamicBuffer::cDynamicBuffer(int InitialSize)
+{
+  initialSize = InitialSize;
+  buffer = NULL;
+  size = used = 0;
+}
+
+cDynamicBuffer::~cDynamicBuffer()
+{
+  free(buffer);
+}
+
+bool cDynamicBuffer::Realloc(int NewSize)
+{
+  if (size < NewSize) {
+     NewSize = max(NewSize, size ? size * 3 / 2 : initialSize); // increase size by at least 50%
+     if (uchar *NewBuffer = (uchar *)realloc(buffer, NewSize)) {
+        buffer = NewBuffer;
+        size = NewSize;
+        }
+     else {
+        esyslog("ERROR: out of memory");
+        return false;
+        }
+     }
+  return true;
+}
+
+void cDynamicBuffer::Append(const uchar *Data, int Length)
+{
+  if (Assert(used + Length)) {
+     memcpy(buffer + used, Data, Length);
+     used += Length;
+     }
+}
+
 // --- cHashBase -------------------------------------------------------------
 
 cHashBase::cHashBase(int Size)
-- 
cgit v1.2.3