From 2d77a432a3785b3e716ca26cf8f13b25d7e3e84a Mon Sep 17 00:00:00 2001
From: David Goulet <dgoulet@riseup.net>
Date: Fri, 17 Feb 2017 14:27:57 -0500
Subject: [PATCH] Don't use assert() for an overflow check

assert() is compiled out when NDEBUG is defined, so let's not rely on it to
detect the possible overflow.

Signed-off-by: David Goulet <dgoulet@riseup.net>
---
 src/trees-ostream.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/trees-ostream.c b/src/trees-ostream.c
index ebe8ca6..c2b3a66 100644
--- a/src/trees-ostream.c
+++ b/src/trees-ostream.c
@@ -20,7 +20,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <assert.h>
 #include <arpa/inet.h>
 #include <string.h>
 
@@ -84,11 +83,15 @@ trees_ostream_send_chunk(struct trees_ostream *sstream,
                          const unsigned char *chunk, size_t chunk_size)
 {
   ssize_t ret;
-  /* Extra protection here against overflow. Maybe too agressive! */
-  assert(chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES));
   size_t ciphertext_len = crypto_box_SEALBYTES + chunk_size;
   unsigned char ciphertext[ciphertext_len];
 
+  /* Extra protection here against overflow. */
+  if (chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES)) {
+    sstream->ostream.ostream.stream_errno = EIO;
+    goto err;
+  }
+
   sodium_memzero(ciphertext, sizeof(ciphertext));
   ret = crypto_box_seal(ciphertext, chunk, chunk_size,
                         sstream->public_key);
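Review bot: The new guard at `if (chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES))` is inverted relative to the assert it replaces: the assert required the condition to hold, so the error path must fire when it does not, i.e. `if (chunk_size >= (SSIZE_MAX - crypto_box_SEALBYTES))`. As written, every ordinary small chunk sets EIO and jumps to err, while an oversized chunk passes straight through. The check is also placed after `size_t ciphertext_len = crypto_box_SEALBYTES + chunk_size;` and the VLA `unsigned char ciphertext[ciphertext_len];`, so the addition and the stack allocation sized by the unchecked length already happen before the guard runs; it should move above those two declarations (C99 mixed declarations make that legal). Separately, a VLA whose size comes from chunk_size is a stack-exhaustion risk if callers can pass large chunks; if chunk sizes are not bounded elsewhere, consider heap allocation or a hard cap, which I cannot confirm from this hunk. The function begins at the signature shown in the hunk header and its body, including the `err` label, continues past the end of the hunk.
```c
  ssize_t ret;

  /* Reject before any arithmetic on chunk_size: ciphertext_len and the VLA
   * below must never be computed from an oversized length. */
  if (chunk_size >= (SSIZE_MAX - crypto_box_SEALBYTES)) {
    sstream->ostream.ostream.stream_errno = EIO;
    goto err;
  }
  size_t ciphertext_len = crypto_box_SEALBYTES + chunk_size;
  unsigned char ciphertext[ciphertext_len];
  /* … unchanged: sodium_memzero and crypto_box_seal call … */
```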
-- 
GitLab