Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-8h98-h426-xf32
Add lower bound to sesman data input size check
  • Loading branch information
metalefty committed Feb 7, 2022
2 parents 934a91f + eb4a8e3 commit 4def30a
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions sesman/sesman.c
Expand Up @@ -276,16 +276,17 @@ sesman_close_all(void)
static int
sesman_data_in(struct trans *self)
{
#define HEADER_SIZE 8
int version;
int size;

if (self->extra_flags == 0)
{
in_uint32_be(self->in_s, version);
in_uint32_be(self->in_s, size);
if (size > self->in_s->size)
if (size < HEADER_SIZE || size > self->in_s->size)
{
LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
return 1;
}
self->header_size = size;
Expand All @@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
return 1;
}
/* reset for next message */
self->header_size = 8;
self->header_size = HEADER_SIZE;
self->extra_flags = 0;
init_stream(self->in_s, 0); /* Reset input stream pointers */
}
return 0;
#undef HEADER_SIZE
}

/******************************************************************************/
Expand Down

0 comments on commit 4def30a

Please sign in to comment.