The push_data packets which are too small can be dropped earlier in the transaction process. These cannot be parsed later when finishing the transaction and thus it is unnecessary to first enqueue them to the transaction list and allocate extra memory for the management structure.
Signed-off-by: Sven Eckelmann sven@narfation.org --- recv.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/recv.c b/recv.c index 16242bc..f459190 100644 --- a/recv.c +++ b/recv.c @@ -189,4 +189,6 @@ static int process_alfred_push_data(struct globals *globals,
len = ntohs(push->header.length); + if (len < (int)(sizeof(*push) - sizeof(push->header))) + goto err;
search.server_addr = mac;
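Review bot: The added check after `len = ntohs(push->header.length);` only bounds the sender-declared length from below, against the fixed part of the push_data structure. Nothing in the visible lines compares `len` with the number of bytes actually received, so if that comparison is not already made earlier in process_alfred_push_data(), it belongs next to this one. The `(int)` cast on the `sizeof` difference suggests `len` is a signed int; since ntohs() returns an unsigned 16-bit value, doing the comparison in an unsigned type such as `size_t` would remove the need for the cast. A one-line comment above the check, saying that undersized packets are dropped here before they are enqueued to the transaction list, would carry the rationale from the commit message into the code.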