From 79ae795c797bae0d6fe94ff0238e082c582eb768 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Sat, 28 Oct 2023 23:03:24 +0200
Subject: Check some unsanitized network inputs before allocating memory using
 them.

---
 src/lib/encode_server.cc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/lib/encode_server.cc')

diff --git a/src/lib/encode_server.cc b/src/lib/encode_server.cc
index 6501dcde1..036ea58a5 100644
--- a/src/lib/encode_server.cc
+++ b/src/lib/encode_server.cc
@@ -126,6 +126,10 @@ EncodeServer::process (shared_ptr<Socket> socket, struct timeval& after_read, st
 	Socket::ReadDigestScope ds (socket);
 
 	auto length = socket->read_uint32 ();
+	if (length > 65536) {
+		throw NetworkError("Malformed encode request (too large)");
+	}
+
 	scoped_array<char> buffer (new char[length]);
 	socket->read (reinterpret_cast<uint8_t*>(buffer.get()), length);
 
-- 
cgit v1.2.3