fix some bounds checks
This commit is contained in:
Addison Crump
@@ -61,6 +61,11 @@ handle_parent_connection (int s)
|
|||||||
"Parent (%d) received command %lu from client.",
|
"Parent (%d) received command %lu from client.",
|
||||||
getpid (), cmnd->command);
|
getpid (), cmnd->command);
|
||||||
|
|
||||||
|
memset (resp, 0, sizeof (glibtop_response));
|
||||||
|
|
||||||
|
memset (parameter, 0, sizeof (parameter));
|
||||||
|
|
||||||
|
if (cmnd->data_size) {
|
||||||
if (cmnd->data_size >= BUFSIZ) {
|
if (cmnd->data_size >= BUFSIZ) {
|
||||||
syslog_message (LOG_WARNING,
|
syslog_message (LOG_WARNING,
|
||||||
"Client sent %lu bytes, but buffer is %lu",
|
"Client sent %lu bytes, but buffer is %lu",
|
||||||
@@ -68,18 +73,19 @@ handle_parent_connection (int s)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset (resp, 0, sizeof (glibtop_response));
|
|
||||||
|
|
||||||
memset (parameter, 0, sizeof (parameter));
|
|
||||||
|
|
||||||
if (cmnd->data_size) {
|
|
||||||
if (enable_debug)
|
if (enable_debug)
|
||||||
syslog_message (LOG_DEBUG, "Client has %lu bytes of data.",
|
syslog_message (LOG_DEBUG, "Client has %lu bytes of data.",
|
||||||
cmnd->data_size);
|
cmnd->data_size);
|
||||||
|
|
||||||
do_read (s, parameter, cmnd->data_size);
|
do_read (s, parameter, cmnd->data_size);
|
||||||
|
|
||||||
} else if (cmnd->size) {
|
} else if (cmnd->size) {
|
||||||
|
if (cmnd->size >= BUFSIZ) {
|
||||||
|
syslog_message (LOG_WARNING,
|
||||||
|
"Client sent %lu bytes, but buffer is %lu",
|
||||||
|
cmnd->size, (unsigned long)BUFSIZ);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
memcpy (parameter, cmnd->parameter, cmnd->size);
|
memcpy (parameter, cmnd->parameter, cmnd->size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -44,22 +44,26 @@ handle_slave_connection (int input, int output)
|
|||||||
glibtop_debug ("Slave %d received command "
|
glibtop_debug ("Slave %d received command "
|
||||||
"%lu from client.", getpid (), cmnd->command);
|
"%lu from client.", getpid (), cmnd->command);
|
||||||
|
|
||||||
if (cmnd->data_size >= BUFSIZ)
|
|
||||||
glibtop_error ("Client sent %lu bytes, "
|
|
||||||
"but buffer is %lu",
|
|
||||||
cmnd->size, (unsigned long)BUFSIZ);
|
|
||||||
|
|
||||||
memset (resp, 0, sizeof (glibtop_response));
|
memset (resp, 0, sizeof (glibtop_response));
|
||||||
|
|
||||||
memset (parameter, 0, sizeof (parameter));
|
memset (parameter, 0, sizeof (parameter));
|
||||||
|
|
||||||
if (cmnd->data_size) {
|
if (cmnd->data_size) {
|
||||||
|
if (cmnd->data_size >= BUFSIZ)
|
||||||
|
glibtop_error ("Client sent %lu bytes, "
|
||||||
|
"but buffer is %lu",
|
||||||
|
cmnd->data_size, (unsigned long)BUFSIZ);
|
||||||
|
|
||||||
glibtop_debug ("Client has %lu bytes of data.",
|
glibtop_debug ("Client has %lu bytes of data.",
|
||||||
cmnd->data_size);
|
cmnd->data_size);
|
||||||
|
|
||||||
do_read (input, parameter, cmnd->data_size);
|
do_read (input, parameter, cmnd->data_size);
|
||||||
|
|
||||||
} else if (cmnd->size) {
|
} else if (cmnd->size) {
|
||||||
|
if (cmnd->size >= BUFSIZ)
|
||||||
|
glibtop_error ("Client sent %lu bytes, "
|
||||||
|
"but buffer is %lu",
|
||||||
|
cmnd->size, (unsigned long)BUFSIZ);
|
||||||
|
|
||||||
memcpy (parameter, cmnd->parameter, cmnd->size);
|
memcpy (parameter, cmnd->parameter, cmnd->size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user