svn commit: r220522 - head/sbin/hastd
Mikolaj Golub
trociny at FreeBSD.org
Sun Apr 10 15:21:47 UTC 2011
Author: trociny
Date: Sun Apr 10 15:21:46 2011
New Revision: 220522
URL: http://svn.freebsd.org/changeset/base/220522
Log:
In hast_proto_recv_data() check that the size of the data to be
received does not exceed the buffer size.
Approved by: pjd (mentor)
MFC after: 1 week
Modified:
head/sbin/hastd/hast_proto.c
Modified: head/sbin/hastd/hast_proto.c
==============================================================================
--- head/sbin/hastd/hast_proto.c Sun Apr 10 15:11:19 2011 (r220521)
+++ head/sbin/hastd/hast_proto.c Sun Apr 10 15:21:46 2011 (r220522)
@@ -189,9 +189,12 @@ hast_proto_recv_data(const struct hast_r
dptr = data;
dsize = nv_get_uint32(nv, "size");
- if (dsize == 0)
+ if (dsize > size) {
+ errno = EINVAL;
+ goto end;
+ } else if (dsize == 0) {
(void)nv_set_error(nv, 0);
- else {
+ } else {
if (proto_recv(conn, data, dsize) < 0)
goto end;
for (ii = sizeof(pipeline) / sizeof(pipeline[0]); ii > 0;
More information about the svn-src-head
mailing list