Commit 9b11acdb authored by Per Cederqvist's avatar Per Cederqvist
Browse files

(prot_a_parse_string): Check for overflow when parsing the string

	length.  Logout the current client if the string length
	supplied is so large that it becomes a negative number.
parent fed33965
/*
* $Id: prot-a-parse.c,v 0.19 1995/01/01 20:17:24 ceder Exp $
* $Id: prot-a-parse.c,v 0.20 1995/10/23 06:55:44 ceder Exp $
* Copyright (C) 1991, 1992, 1993, 1994, 1995 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -28,7 +28,7 @@
* BUG: Not all functions are used, I think. /ceder
*/
static char *rcsid = "$Id: prot-a-parse.c,v 0.19 1995/01/01 20:17:24 ceder Exp $";
static char *rcsid = "$Id: prot-a-parse.c,v 0.20 1995/10/23 06:55:44 ceder Exp $";
#include "rcs.h"
USE(rcsid);
......@@ -36,10 +36,12 @@ USE(rcsid);
#include <setjmp.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef HAVE_STDARG_H
# include <stdarg.h>
#endif
#include "debug.h"
#include "s-string.h"
#include "kom-types.h"
#include "com.h"
......@@ -47,9 +49,13 @@ USE(rcsid);
#include "prot-a-parse.h"
#include "isc-parse.h"
#include "config.h"
#include "isc-interface.h"
#include "mux.h"
#include "log.h"
#include "minmax.h"
BUGDECL;
/*
* Return next token from the input stream. Note that the String returned
* by this call points into data that might be freed by the next call to
......@@ -186,6 +192,14 @@ prot_a_parse_string(Connection *client,
longjmp(parse_env, ISC_MSG_INCOMPLETE);
}
if (client_len < 0)
{
mux_printf(client, "%%%%Insane string length.\n");
mux_flush(client);
BUG(("%%%%Insane string length.\n"));
longjmp(parse_env, ISC_LOGOUT);
}
/* Check that
a) there is a trailing H
b) there was at least one digit before the H */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment