author | Moritz Jodeit <moritz@cvs.openbsd.org> | 2006-01-20 16:51:39 +0000 |
---|---|---|
committer | Moritz Jodeit <moritz@cvs.openbsd.org> | 2006-01-20 16:51:39 +0000 |
commit | ab0e8c067856b77b276fb91e3ae36b179d64eca2 (patch) | |
tree | 2415dd59b10a02e706efe5c8e6b487698e1b37da | |
parent | ad734e764da5e0f0ac1392f062613e006ec7fc62 (diff) |
fix integer overflows. ok millert@
-rw-r--r-- | libexec/ftpd/monitor.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/libexec/ftpd/monitor.c b/libexec/ftpd/monitor.c
index 3b7c112160b..bbbc60726ad 100644
--- a/libexec/ftpd/monitor.c
+++ b/libexec/ftpd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.11 2005/07/14 14:48:47 moritz Exp $ */
+/* $OpenBSD: monitor.c,v 1.12 2006/01/20 16:51:38 moritz Exp $ */
 /*
 * Copyright (c) 2004 Moritz Jodeit <moritz@openbsd.org>
@@ -23,6 +23,7 @@
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <paths.h>
 #include <pwd.h>
 #include <signal.h>
@@ -265,10 +266,11 @@ handle_cmds(void)
 debugmsg("CMD_USER received");
 recv_data(fd_slave, &len, sizeof(len));
+ if (len == 0 || len == SIZE_T_MAX)
+ fatalx("monitor received invalid user length");
 if ((name = malloc(len + 1)) == NULL)
 fatalx("malloc: %m");
- if (len > 0)
- recv_data(fd_slave, name, len);
+ recv_data(fd_slave, name, len);
 name[len] = '\0';
 user(name);
@@ -278,10 +280,11 @@ handle_cmds(void)
 debugmsg("CMD_PASS received");
 recv_data(fd_slave, &len, sizeof(len));
+ if (len == 0 || len == SIZE_T_MAX)
+ fatalx("monitor received invalid pass length");
 if ((pw = malloc(len + 1)) == NULL)
 fatalx("malloc: %m");
- if (len > 0)
- recv_data(fd_slave, pw, len);
+ recv_data(fd_slave, pw, len);
 pw[len] = '\0';
 preauth_slave_pid = slave_pid; |
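Review bot: The new check in the CMD_USER hunk rejects only 0 and SIZE_T_MAX, so every other length sent by the unprivileged slave still reaches `malloc(len + 1)` and `recv_data()` in the privileged monitor; the CMD_PASS hunk has the same gap. Because `len` crosses the privilege-separation boundary, it would be safer to bound it against a protocol maximum, for example `if (len == 0 || len > MAX_AUTH_LEN)`, where `MAX_AUTH_LEN` is a placeholder for the longest user name or password the slave can legitimately forward; that bound also covers the SIZE_T_MAX wrap. Rejecting `len == 0` now terminates the monitor where the old code accepted an empty string, so it is worth confirming that the slave never forwards an empty USER or PASS argument. A short comment such as `/* len comes from the unprivileged slave; len + 1 must not wrap */` above each check would record why it exists. handle_cmds starts and ends outside both hunks, so the later handling of `name` and `pw` is not visible here.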