Check some unsanitized network inputs before allocating memory using them.

author: Carl Hetherington <cth@carlh.net> 2023-10-28 23:03:24 +0200
committer: Carl Hetherington <cth@carlh.net> 2023-10-28 23:03:24 +0200
commit: 79ae795c797bae0d6fe94ff0238e082c582eb768 (patch)
tree: 38f6e5dbd3a71e7cb0fd93d5cc9a7b80634ddbe0 /src/lib/encode_server.cc
parent: 52aac111699ffbf679b4fc5722be893d41568394 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/encode_server.cc b/src/lib/encode_server.cc
index 6501dcde1..036ea58a5 100644
--- a/src/lib/encode_server.cc
+++ b/src/lib/encode_server.cc
@@ -126,6 +126,10 @@ EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, st
 	Socket::ReadDigestScope ds (socket);
 
 	auto length = socket->read_uint32 ();
+	if (length > 65536) {
+		throw NetworkError("Malformed encode request (too large)");
+	}
+
 	scoped_array<char> buffer (new char[length]);
 	socket->read (reinterpret_cast<uint8_t*>(buffer.get()), length);
author	Carl Hetherington <cth@carlh.net>	2023-10-28 23:03:24 +0200
committer	Carl Hetherington <cth@carlh.net>	2023-10-28 23:03:24 +0200
commit	79ae795c797bae0d6fe94ff0238e082c582eb768 (patch)
tree	38f6e5dbd3a71e7cb0fd93d5cc9a7b80634ddbe0 /src/lib/encode_server.cc
parent	52aac111699ffbf679b4fc5722be893d41568394 (diff)