security.c: sec_write tweaks

- |fd| is now a curl_socket_t and |len| a size_t to avoid conversions.
- Added 2 FIXMEs about the 2 unsigned -> signed conversions.
- Included 2 minor changes to Curl_sec_end.

1 files changed, 10 insertions, 6 deletions

diff --git a/lib/security.c b/lib/security.c
index ac3c689f4..6e1797cf1 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -318,18 +318,21 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
   free(buffer);
 }
 
-static ssize_t sec_write(struct connectdata *conn, int fd,
-                         const char *buffer, int length)
+static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
+                         const char *buffer, size_t length)
 {
-  int len = conn->buffer_size;
+  /* FIXME: Check for overflow */
+  ssize_t len = conn->buffer_size;
   int tx = 0;
 
   len -= (conn->mech->overhead)(conn->app_data, conn->data_prot, len);
   if(len <= 0)
     len = length;
-  while(length){
-    if(length < len)
+  while(length) {
+    if(len >= 0 || length < (size_t)len) {
+      /* FIXME: Check for overflow. */
       len = length;
+    }
     do_sec_send(conn, fd, buffer, len);
     length -= len;
     buffer += len;
@@ -577,13 +580,14 @@ Curl_sec_end(struct connectdata *conn)
   if(conn->mech != NULL) {
     if(conn->mech->end)
       (conn->mech->end)(conn->app_data);
+    /* FIXME: Why do we zero'd it before free'ing it? */
     memset(conn->app_data, 0, conn->mech->size);
     free(conn->app_data);
     conn->app_data = NULL;
   }
   conn->sec_complete = 0;
   conn->data_prot = (enum protection_level)0;
-  conn->mech=NULL;
+  conn->mech = NULL;
 }
 
 #endif /* HAVE_KRB4 || HAVE_GSSAPI */