From e44ecbcda3b1cb9146bd7409e53a594293a6ddb8 Mon Sep 17 00:00:00 2001
From: Arne Goedeke <el@laramies.com>
Date: Wed, 12 Mar 2014 21:45:28 +0100
Subject: [PATCH] BSON: insufficient out of bounds check

---
 src/post_modules/BSON/bson.cmod | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/post_modules/BSON/bson.cmod b/src/post_modules/BSON/bson.cmod
index b9ecba203a..3d8178ae4c 100644
--- a/src/post_modules/BSON/bson.cmod
+++ b/src/post_modules/BSON/bson.cmod
@@ -231,7 +231,7 @@ char * decode_next_value(struct pike_string * pike_slist, char * n, struct mappi
       bump = get_unaligned_le32(n);
       left = pike_slist->len - (n - slist);
 
-      if(!bump || bump > left)
+      if(bump <= 0 || bump > left)
       {
         Pike_error("invalid BSON. not enough data: need %d, have %d.\n", bump, left);
       }
@@ -251,7 +251,7 @@ char * decode_next_value(struct pike_string * pike_slist, char * n, struct mappi
       n+=4;
       left = pike_slist->len - (n - slist);
 
-      if(!bump || bump > left)
+      if(bump <= 0 || bump > left)
       {
         Pike_error("invalid BSON. not enough data 5.\n");
       }
@@ -510,7 +510,7 @@ char * decode_next_value(struct pike_string * pike_slist, char * n, struct mappi
       int32_t left;
       n+=4;
       left = pike_slist->len - (n - slist);
-      if(!bump || bump > left)
+      if(bump <= 0 || bump > left)
         Pike_error("invalid BSON. not enough data.\n");
       val = make_shared_binary_string(n, bump-1); // length includes null.
       n += (bump);
-- 
GitLab