Check some unsanitized network inputs before allocating memory using them.

author: Carl Hetherington <cth@carlh.net> 2023-10-28 23:03:24 +0200
committer: Carl Hetherington <cth@carlh.net> 2023-10-28 23:03:24 +0200
commit: 79ae795c797bae0d6fe94ff0238e082c582eb768 (patch)
tree: 38f6e5dbd3a71e7cb0fd93d5cc9a7b80634ddbe0 /src/tools/dcpomatic_player.cc
parent: 52aac111699ffbf679b4fc5722be893d41568394 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/src/tools/dcpomatic_player.cc b/src/tools/dcpomatic_player.cc
index 88b0f839d..5dd0a0afe 100644
--- a/src/tools/dcpomatic_player.cc
+++ b/src/tools/dcpomatic_player.cc
@@ -1140,7 +1140,10 @@ public:
 	void handle (shared_ptr<Socket> socket) override
 	{
 		try {
-			int const length = socket->read_uint32 ();
+			uint32_t const length = socket->read_uint32 ();
+			if (length > 65536) {
+				return;
+			}
 			scoped_array<char> buffer (new char[length]);
 			socket->read (reinterpret_cast<uint8_t*> (buffer.get()), length);
 			string s (buffer.get());
author	Carl Hetherington <cth@carlh.net>	2023-10-28 23:03:24 +0200
committer	Carl Hetherington <cth@carlh.net>	2023-10-28 23:03:24 +0200
commit	79ae795c797bae0d6fe94ff0238e082c582eb768 (patch)
tree	38f6e5dbd3a71e7cb0fd93d5cc9a7b80634ddbe0 /src/tools/dcpomatic_player.cc
parent	52aac111699ffbf679b4fc5722be893d41568394 (diff)