de57db5cf2
Note that it does not work better than previous in-tree version but it will give us a better base to fix it. joint work with jasper@ most patches adapted from NetBSD fsusage patch from naddy@ ok jasper@
17 lines
533 B
Plaintext
17 lines
533 B
Plaintext
$OpenBSD: patch-src_daemon_gnuserv_c,v 1.3 2008/02/09 16:52:25 ajacoutot Exp $
|
|
--- src/daemon/gnuserv.c.orig Sat May 12 23:54:57 2007
|
|
+++ src/daemon/gnuserv.c Fri Dec 28 18:53:17 2007
|
|
@@ -206,6 +206,12 @@ permitted (u_long host_addr, int fd)
|
|
return FALSE;
|
|
}
|
|
|
|
+ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
|
|
+ syslog_message(LOG_WARNING,
|
|
+ "Invalid data length supplied by client");
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
|
|
return FALSE;
|
|
|