From a12e374a04122f2ba5ff137df3fd0534a528d56d Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Wed, 13 Dec 2017 11:20:24 +0100
Subject: [PATCH] harden checks of json_object_array_length return values

with json-c until 0.12.x json_object_array_length returned signed
integer. json-c 0.13.x and later changed return type to unsigned
size_t.

Consider return values less or equal to zero as empty array, otherwise
array is non-empty.
---
 lib/luks2/luks2_digest.c        |  4 ++--
 lib/luks2/luks2_json_metadata.c | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/luks2/luks2_digest.c b/lib/luks2/luks2_digest.c
index f0b508c5..5e628339 100644
--- a/lib/luks2/luks2_digest.c
+++ b/lib/luks2/luks2_digest.c
@@ -368,14 +368,14 @@ static int digest_unused(json_object *jobj_digest)
 	json_object *jobj;
 
 	json_object_object_get_ex(jobj_digest, "segments", &jobj);
-	if (!jobj || !json_object_is_type(jobj, json_type_array) || json_object_array_length(jobj))
+	if (!jobj || !json_object_is_type(jobj, json_type_array) || json_object_array_length(jobj) > 0)
 		return 0;
 
 	json_object_object_get_ex(jobj_digest, "keyslots", &jobj);
 	if (!jobj || !json_object_is_type(jobj, json_type_array))
 		return 0;
 
-	return json_object_array_length(jobj) ? 0 : 1;
+	return json_object_array_length(jobj) > 0 ? 0 : 1;
 }
 
 void LUKS2_digests_erase_unused(struct crypt_device *cd,
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index ac8be94b..74e98089 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -1288,7 +1288,7 @@ int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr
 		return 0;
 
 	len = json_object_array_length(jobj_mandatory);
-	if (!len)
+	if (len <= 0)
 		return 0;
 
 	log_dbg("LUKS2 requirements detected:");
@@ -1347,7 +1347,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr
 		json_object_object_add(jobj_config, "requirements", jobj_requirements);
 	}
 
-	if (json_object_array_length(jobj_mandatory)) {
+	if (json_object_array_length(jobj_mandatory) > 0) {
 		/* replace mandatory field with new values */
 		json_object_object_add(jobj_requirements, "mandatory", jobj_mandatory);
 	} else {
@@ -1390,9 +1390,9 @@ static void hdr_dump_config(struct crypt_device *cd, json_object *hdr_jobj)
 		log_std(cd, "%s ", json_object_get_string(jobj1));
 	}
 
-	log_std(cd, "%s\n%s", flags ? "" : "(no flags)", reqs ? "" : "\n");
+	log_std(cd, "%s\n%s", flags > 0 ? "" : "(no flags)", reqs > 0 ? "" : "\n");
 
-	if (reqs) {
+	if (reqs > 0) {
 		log_std(cd, "Requirements:\t");
 		for (i = 0; i < reqs; i++) {
 			jobj1 = json_object_array_get_idx(jobj_mandatory, i);
@@ -1706,7 +1706,7 @@ int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment)
 
 		if (!LUKS2_array_jobj(jobj_digest_segments, buf))
 			continue;
-		if (!json_object_array_length(jobj_digest_keyslots))
+		if (json_object_array_length(jobj_digest_keyslots) <= 0)
 			continue;
 
 		jobj1 = json_object_array_get_idx(jobj_digest_keyslots, 0);