VUL: fix some possible buffer overruns

2 files changed, 8 insertions, 1 deletions

diff --git a/common/parse.h b/common/parse.h
index 3ec37104..69a57ff8 100644
--- a/common/parse.h
+++ b/common/parse.h
@@ -56,6 +56,9 @@ struct stream
 #define s_check_rem(s, n) ((s)->p + (n) <= (s)->end)
 
 /******************************************************************************/
+#define s_check_rem_out(s, n) ((s)->p + (n) <= (s)->data + (s)->size)
+
+/******************************************************************************/
 #define s_check_end(s) ((s)->p == (s)->end)
 
 /******************************************************************************/
diff --git a/common/trans.c b/common/trans.c
index 0b672168..8313b606 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -221,8 +221,12 @@ trans_force_read_s(struct trans *self, struct stream *in_s, int size)
 
     while (size > 0)
     {
+        /* make sure stream has room */
+        if ((in_s->end + size) > (in_s->data + in_s->size))
+        {
+            return 1;
+        }
         rcvd = g_tcp_recv(self->sck, in_s->end, size, 0);
-
         if (rcvd == -1)
         {
             if (g_tcp_last_error_would_block(self->sck))