git.shiar.nl
/
netris.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix buffer overflow vulnerability in NetGenFunc
[netris.git]
/
inet.c
diff --git
a/inet.c
b/inet.c
index dbfe7484f0d8b9bb2a65f956ce9afc7e9d979bb5..a8d9a9d9149c9b67e3c05516d1b040f970cad8f1 100644
(file)
--- a/
inet.c
+++ b/
inet.c
@@
-151,6
+151,9
@@
static MyEventType NetGenFunc(EventGenRec *gen, MyEvent *event)
memcpy(data, netBuf, sizeof(data));
type = ntoh2(data[0]);
size = ntoh2(data[1]);
memcpy(data, netBuf, sizeof(data));
type = ntoh2(data[0]);
size = ntoh2(data[1]);
+ if (size >= sizeof(netBuf))
+ fatal("Received an invalid packet (too large), possibly an attempt\n"
+ " to exploit a vulnerability in versions before 0.52 !");
netBufGoal = size;
if (netBufSize < netBufGoal)
return E_none;
netBufGoal = size;
if (netBufSize < netBufGoal)
return E_none;