Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/encode_server.cc4
-rw-r--r--src/lib/encode_server_finder.cc5
2 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/encode_server.cc b/src/lib/encode_server.cc
index 6501dcde1..036ea58a5 100644
--- a/src/lib/encode_server.cc
+++ b/src/lib/encode_server.cc
@@ -126,6 +126,10 @@ EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, st
Socket::ReadDigestScope ds (socket);
auto length = socket->read_uint32 ();
+ if (length > 65536) {
+ throw NetworkError("Malformed encode request (too large)");
+ }
+
scoped_array<char> buffer (new char[length]);
socket->read (reinterpret_cast<uint8_t*>(buffer.get()), length);
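Review bot: The limit `65536` in the new `if (length > 65536)` check is a bare literal, and the same value is repeated in the encode_server_finder.cc hunk, so the two bounds can drift apart. I would define it once in a shared header, for example `constexpr uint32_t max_request_length = 65536;` (the name is only a suggestion), with a comment such as `// Upper bound on the peer-supplied length prefix; limits the allocation a remote peer can force before any data is validated`. Putting the received `length` in the NetworkError text would also make rejected requests easier to triage from logs. The body of process() continues outside the hunk, so how `buffer` is consumed afterwards is not visible here.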
diff --git a/src/lib/encode_server_finder.cc b/src/lib/encode_server_finder.cc
index 3f5cb74f0..1d4ced595 100644
--- a/src/lib/encode_server_finder.cc
+++ b/src/lib/encode_server_finder.cc
@@ -227,6 +227,11 @@ EncodeServerFinder::handle_accept (boost::system::error_code ec)
_accept_socket->read (reinterpret_cast<uint8_t*>(&length), sizeof(uint32_t));
length = ntohl (length);
+ if (length > 65536) {
+ start_accept();
+ return;
+ }
+
scoped_array<char> buffer(new char[length]);
_accept_socket->read (reinterpret_cast<uint8_t*>(buffer.get()), length);
server_available = buffer.get();
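Review bot: The context line `server_available = buffer.get();` still treats the received bytes as a C string, so the new upper bound caps the allocation but does not stop a read past the end of `buffer` when the peer omits the terminating NUL. The declaration of `server_available` is outside the hunk; if it is a `std::string`, bounding the copy with `server_available.assign(buffer.get(), length);` removes the dependence on peer-supplied termination. Separately, the oversized case goes straight to `start_accept(); return;` with no log line, unlike the exception thrown in encode_server.cc, so a misbehaving or hostile peer leaves no trace. A warning that records the rejected length would help detection.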