Add lower bound to sesman data input size check
This commit is contained in:
matt335672
parent
934a91fc29
commit
eb4a8e342d
@ -276,6 +276,7 @@ sesman_close_all(void)
|
|||||||
static int
|
static int
|
||||||
sesman_data_in(struct trans *self)
|
sesman_data_in(struct trans *self)
|
||||||
{
|
{
|
||||||
|
#define HEADER_SIZE 8
|
||||||
int version;
|
int version;
|
||||||
int size;
|
int size;
|
||||||
|
|
||||||
@ -283,9 +284,9 @@ sesman_data_in(struct trans *self)
|
|||||||
{
|
{
|
||||||
in_uint32_be(self->in_s, version);
|
in_uint32_be(self->in_s, version);
|
||||||
in_uint32_be(self->in_s, size);
|
in_uint32_be(self->in_s, size);
|
||||||
if (size > self->in_s->size)
|
if (size < HEADER_SIZE || size > self->in_s->size)
|
||||||
{
|
{
|
||||||
LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
|
LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
self->header_size = size;
|
self->header_size = size;
|
||||||
@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
/* reset for next message */
|
/* reset for next message */
|
||||||
self->header_size = 8;
|
self->header_size = HEADER_SIZE;
|
||||||
self->extra_flags = 0;
|
self->extra_flags = 0;
|
||||||
init_stream(self->in_s, 0); /* Reset input stream pointers */
|
init_stream(self->in_s, 0); /* Reset input stream pointers */
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
#undef HEADER_SIZE
|
||||||
}
|
}
|
||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user