Repository : ssh://git@open-mesh.org/alfred
On branch : master
commit 39a7d3526aeb06fc992a15634f11512ec0c563ae Author: Sven Eckelmann sven@narfation.org Date: Sat May 24 13:44:15 2014 +0200
alfred: Fix length check for push_data
The client receives the push_data header and the header of a data_block when it tries to parse the answer of an request. The remaining buffer size to store the actual data has to remove these two headers from its available, original buffer size. The read of the data would otherwise (potentially) overflow the output buffer.
Signed-off-by: Sven Eckelmann sven@narfation.org [sw: fixed sign in buf_data_len for sizeof(*data)] Signed-off-by: Simon Wunderlich sw@simonwunderlich.de
39a7d3526aeb06fc992a15634f11512ec0c563ae client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/client.c b/client.c index 3670f4f..cbc6867 100644 --- a/client.c +++ b/client.c @@ -38,6 +38,7 @@ int alfred_client_request_data(struct globals *globals) struct alfred_tlv *tlv; struct alfred_data *data; int ret, len, data_len, i; + const size_t buf_data_len = sizeof(buf) - sizeof(*push) - sizeof(*data);
if (unix_sock_open_client(globals, ALFRED_SOCK_PATH)) return -1; @@ -88,7 +89,7 @@ int alfred_client_request_data(struct globals *globals) data_len = ntohs(data->header.length);
/* would it fit? it should! */ - if (data_len > (int)(sizeof(buf) - sizeof(*push))) + if (data_len > (int)buf_data_len) break;
/* read the data */
-
postmaster@open-mesh.org