author | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2024-08-01 14:36:28 +0000 |
---|---|---|
committer | Alexandre Ratchov <ratchov@cvs.openbsd.org> | 2024-08-01 14:36:28 +0000 |
commit | f2ccc5e1207e31de27ae9e588a03ff5b44cd02c0 (patch) | |
tree | 49b0ddf38312344596afaaf6cdf2d945010e9737 /usr.bin | |
parent | a2777c6a8355282cfa4209a34d81e98a3cd5bb9f (diff) |
sndiod: Fix insufficient check of input from clients
Fixes possible sndiod(8) crashes caused by a global table overread
triggered by the client.
Found and analysed by Henry Ford <henryfordkjv at gmail.com>, thanks!
ok blumh, help from millert, mlarkin
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/sndiod/sock.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/sndiod/sock.c b/usr.bin/sndiod/sock.c index 86a78cb67e8..969ea9f0f2d 100644 --- a/usr.bin/sndiod/sock.c +++ b/usr.bin/sndiod/sock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sock.c,v 1.49 2024/05/24 15:16:09 ratchov Exp $ */ +/* $OpenBSD: sock.c,v 1.50 2024/08/01 14:36:27 ratchov Exp $ */ /* * Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org> * @@ -986,7 +986,7 @@ sock_execmsg(struct sock *f) struct slot *s = f->slot; struct amsg *m = &f->rmsg; unsigned char *data; - int size, ctl; + unsigned int size, ctl; int cmd; cmd = ntohl(m->cmd); @@ -1020,7 +1020,7 @@ sock_execmsg(struct sock *f) return 0; } size = ntohl(m->u.data.size); - if (size <= 0) { + if (size == 0) { #ifdef DEBUG if (log_level >= 1) { sock_log(f); |
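Review bot: In the declaration hunk of sock_execmsg() (`unsigned int size, ctl;`), ctl changes signedness together with size, yet no comparison involving ctl is touched anywhere in this patch. Please confirm that every place ctl is used as an index or compared against a limit still behaves as intended once it is unsigned, in particular that no remaining `ctl < 0` style test has silently become dead code and that an upper-bound check exists before each table access. A short comment next to the declaration saying that both values come from the client via ntohl() and are deliberately unsigned would keep a later cleanup from turning them back into int.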
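Review bot: At `if (size == 0)` after `size = ntohl(m->u.data.size);`, a client value with the top bit set used to be rejected here as negative and now passes this test as a very large unsigned number. Rejecting it therefore depends entirely on the upper-bound comparisons that follow, which are outside the visible context. Please verify that those comparisons are done in unsigned arithmetic with no cast back to int, and that any DEBUG logging of size in this branch uses an unsigned format so that the logged value matches what was checked.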