Repository : ssh://git@open-mesh.org/alfred
On branch : master
commit 91ed3df3848a3247040c48a476198ae4b3e4b9ac Author: Sven Eckelmann sven@narfation.org Date: Sun May 31 13:35:58 2015 +0200
alfred: Check buffer size before pushing data over unix socket
Check if the data and its headers would fit in outgoing buffer before copying the data to the output buffer. This is not a problem by itself because the data + header in the dataset cannot be larger than (MAX_PAYLOAD - sizeof(struct alfred_push_data_v0)).
Signed-off-by: Sven Eckelmann sven@narfation.org Signed-off-by: Simon Wunderlich sw@simonwunderlich.de
91ed3df3848a3247040c48a476198ae4b3e4b9ac unix_sock.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/unix_sock.c b/unix_sock.c index 2c862d5..29c934e 100644 --- a/unix_sock.c +++ b/unix_sock.c @@ -182,6 +182,11 @@ static int unix_sock_req_data_reply(struct globals *globals, int client_sock, if (dataset->data.header.type != requested_type) continue;
+ /* too large? - should never happen */ + if (dataset->data.header.length + sizeof(*data) > + MAX_PAYLOAD - sizeof(*push)) + continue; + data = push->data; memcpy(data, &dataset->data, sizeof(*data)); data->header.length = htons(data->header.length);