blob: 6b2b6ce75a5f59846c4d68063979999b92d165a9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From 4337fd9fc2d2ea83654f2ca69245503730231ac3 Mon Sep 17 00:00:00 2001
From: iljavs <ivansprundel@ioactive.com>
Date: Mon, 27 Jun 2016 01:17:57 -0700
Subject: [PATCH] fix signedness issue
This commit fixes a signedness issue, where a negative vc coming from a malicious client could possibly cause memory corruption.
---
src/daemon/processconn.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/daemon/processconn.c b/src/daemon/processconn.c
index a5839a3..e92fa63 100644
--- a/src/daemon/processconn.c
+++ b/src/daemon/processconn.c
@@ -67,7 +67,8 @@ int processConn(int fd)
return -1;
}
- if((vc = request->vc) > MAX_VC) {
+ vc = request->vc;
+ if(vc > MAX_VC || vc < 0) {
gpm_report(GPM_PR_DEBUG, GPM_MESS_REQUEST_ON, vc, MAX_VC);
free(info);
close(newfd);
|
