mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-05-04 16:24:21 +02:00
24 lines
828 B
Diff
24 lines
828 B
Diff
From 4337fd9fc2d2ea83654f2ca69245503730231ac3 Mon Sep 17 00:00:00 2001
|
|
From: iljavs <ivansprundel@ioactive.com>
|
|
Date: Mon, 27 Jun 2016 01:17:57 -0700
|
|
Subject: [PATCH] fix signedness issue
|
|
|
|
This commit fixes a signedness issue, where a negative vc coming from a malicious client could possibly cause memory corruption.
|
|
---
|
|
src/daemon/processconn.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/daemon/processconn.c b/src/daemon/processconn.c
|
|
index a5839a3..e92fa63 100644
|
|
--- a/src/daemon/processconn.c
|
|
+++ b/src/daemon/processconn.c
|
|
@@ -67,7 +67,8 @@ int processConn(int fd)
|
|
return -1;
|
|
}
|
|
|
|
- if((vc = request->vc) > MAX_VC) {
|
|
+ vc = request->vc;
|
|
+ if(vc > MAX_VC || vc < 0) {
|
|
gpm_report(GPM_PR_DEBUG, GPM_MESS_REQUEST_ON, vc, MAX_VC);
|
|
free(info);
|
|
close(newfd);
|