diff options
| author | Roy Marples <roy@marples.name> | 2019-12-11 12:27:51 +0000 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2019-12-11 12:27:51 +0000 |
| commit | 0b8924c666f3dddb18cd7028e55573bb8671a0f8 (patch) | |
| tree | 5b9288feaf54b7580f552a4573560d4332881db1 | |
| parent | cd3be7d3759ca55afd11635c87f618fe4da5e749 (diff) | |
| download | dhcpcd-ui-0b8924c666f3dddb18cd7028e55573bb8671a0f8.tar.xz | |
libdhcpcd: Limit messages to SSIZE_MAX
We need to add one to it for allocation to terminate it and
this is a stupidly big string anyway.
Found by LGMT.
| -rw-r--r-- | src/libdhcpcd/dhcpcd.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libdhcpcd/dhcpcd.c b/src/libdhcpcd/dhcpcd.c index c4c1f5d..f8f558b 100644 --- a/src/libdhcpcd/dhcpcd.c +++ b/src/libdhcpcd/dhcpcd.c @@ -903,6 +903,11 @@ dhcpcd_read_if(DHCPCD_CONNECTION *con, int fd) return NULL; } memcpy(&len, sbuf, sizeof(len)); + if (len >= SSIZE_MAX) { + /* Even this is probably too big! */ + errno = ENOBUFS; + return NULL; + } rbuf = malloc(len + 1); if (rbuf == NULL) return NULL; |