vitalif
/
libnfs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent integer overflow in rpc_process_pdu 

Signed-off-by: Volker Lendecke <vl@samba.org>
master
Volker Lendecke 2019-03-08 17:01:54 +01:00 committed by Ronnie Sahlberg
parent dfca3e447d
commit 4bd145ba44
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/pdu.c
View File

@ -505,6 +505,11 @@ int rpc_process_pdu(struct rpc_context *rpc, char *buf, int size)
zdr_destroy(&zdr);
for (fragment = rpc->fragments; fragment; fragment = fragment->next) {
total += fragment->size;
if (total < fragment->size) {
rpc_set_error(rpc, "Fragments too large");
rpc_free_all_fragments(rpc);
return -1;
}
}
reasbuf = malloc(total);