summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoy Marples <roy@marples.name>2019-12-11 12:27:51 +0000
committerRoy Marples <roy@marples.name>2019-12-11 12:27:51 +0000
commit0b8924c666f3dddb18cd7028e55573bb8671a0f8 (patch)
tree5b9288feaf54b7580f552a4573560d4332881db1
parentcd3be7d3759ca55afd11635c87f618fe4da5e749 (diff)
downloaddhcpcd-ui-0b8924c666f3dddb18cd7028e55573bb8671a0f8.tar.xz
libdhcpcd: Limit messages to SSIZE_MAX
We need to add one to it for allocation to terminate it and this is a stupidly big string anyway. Found by LGMT.
-rw-r--r--src/libdhcpcd/dhcpcd.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libdhcpcd/dhcpcd.c b/src/libdhcpcd/dhcpcd.c
index c4c1f5d..f8f558b 100644
--- a/src/libdhcpcd/dhcpcd.c
+++ b/src/libdhcpcd/dhcpcd.c
@@ -903,6 +903,11 @@ dhcpcd_read_if(DHCPCD_CONNECTION *con, int fd)
return NULL;
}
memcpy(&len, sbuf, sizeof(len));
+ if (len >= SSIZE_MAX) {
+ /* Even this is probably too big! */
+ errno = ENOBUFS;
+ return NULL;
+ }
rbuf = malloc(len + 1);
if (rbuf == NULL)
return NULL;