authorTimo Teräs <timo.teras@iki.fi>2012-11-12 15:28:53 +0200
committerTimo Teräs <timo.teras@iki.fi>2012-11-12 15:28:53 +0200
commitc17f12b2ee059aa2c78f25bb0f97e2cfe93dde8f (patch)
tree1d09499d1e16c72eb4e5abad501d43f2f210768b
parentdd27d08692576575cf675b04b5a7149b4f03b879 (diff)
filterdb: check section limits for literal strings
-rw-r--r--src/filterdb.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/filterdb.c b/src/filterdb.c
index d3f4c6a..c359ce6 100644
--- a/src/filterdb.c
+++ b/src/filterdb.c
@@ -141,17 +141,23 @@ void *sqdb_section_get(struct sqdb *db, int id, uint32_t *size)
blob_t sqdb_get_string_literal(struct sqdb *db, uint32_t encoded_ptr)
{
+ uint32_t section_size;
unsigned char *ptr;
unsigned int len, off;
- ptr = sqdb_section_get(db, SQDB_SECTION_STRINGS, NULL);
+ ptr = sqdb_section_get(db, SQDB_SECTION_STRINGS, &section_size);
if (ptr == NULL)
return BLOB_NULL;
off = encoded_ptr >> SQDB_LENGTH_BITS;
len = encoded_ptr & ((1 << SQDB_LENGTH_BITS) - 1);
+
+ if (off + len >= section_size)
+ return BLOB_NULL;
if (len == 0)
len = ptr[off++];
+ if (off + len >= section_size)
+ return BLOB_NULL;
return BLOB_PTR_LEN(ptr + off, len);
}
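Review bot: Both new guards use `>=`, which rejects a literal that ends exactly at the end of the strings section even though the span `[off, off + len)` is then fully in bounds; the bound that the final `BLOB_PTR_LEN(ptr + off, len)` actually needs is `off + len <= section_size`, while the only reason for `>=` in the first guard is the `ptr[off]` read on the `len == 0` path. I would make that explicit, e.g. first guard `if (off >= section_size || off + len > section_size) return BLOB_NULL;` with the comment `/* off must index a length byte when len == 0; otherwise [off, off+len) must fit */`, and second guard `if (off + len > section_size) return BLOB_NULL;` — unless literals are required to carry a terminator inside the section, in which case a comment saying so would justify the stricter `>=`. The additions cannot wrap: `off` is `encoded_ptr >> SQDB_LENGTH_BITS` and `len` is at most `SQDB_LENGTH_BITS` bits (or one byte after the reload), so their sum stays within `unsigned int`. One hedged caveat: `section_size` is only safe to read if `sqdb_section_get()` always writes `*size` when it returns non-NULL; that contract is outside this hunk and worth confirming, since an unset `section_size` would make both checks compare against garbage.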