17 lines
530 B
Plaintext
17 lines
530 B
Plaintext
$OpenBSD: patch-src_daemon_gnuserv_c,v 1.2 2007/02/21 17:27:54 steven Exp $
|
|
--- src/daemon/gnuserv.c.orig Tue Jan 2 23:50:27 2007
|
|
+++ src/daemon/gnuserv.c Sun Feb 18 20:23:18 2007
|
|
@@ -207,6 +207,12 @@ permitted (u_long host_addr, int fd)
|
|
return FALSE;
|
|
}
|
|
|
|
+ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
|
|
+ syslog_message(LOG_WARNING,
|
|
+ "Invalid data length supplied by client");
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
|
|
return FALSE;
|
|
|