Check if the data and its headers would fit in outgoing buffer before copying the data to the output buffer. This is not a problem by itself because the data + header in the dataset cannot be larger than (MAX_PAYLOAD - sizeof(struct alfred_push_data_v0)).
Signed-off-by: Sven Eckelmann sven@narfation.org --- unix_sock.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/unix_sock.c b/unix_sock.c index 2c862d5..29c934e 100644 --- a/unix_sock.c +++ b/unix_sock.c @@ -183,4 +183,9 @@ static int unix_sock_req_data_reply(struct globals *globals, int client_sock, continue;
+ /* too large? - should never happen */ + if (dataset->data.header.length + sizeof(*data) > + MAX_PAYLOAD - sizeof(*push)) + continue; + data = push->data; memcpy(data, &dataset->data, sizeof(*data));