From 39ed446e1513c52f795d090fc9b1f173c0912d6a Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Tue, 10 Sep 2013 16:00:30 -0700 Subject: VUL: fix some possible buffer overruns --- common/parse.h | 3 +++ common/trans.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'common') diff --git a/common/parse.h b/common/parse.h index 3ec37104..69a57ff8 100644 --- a/common/parse.h +++ b/common/parse.h @@ -55,6 +55,9 @@ struct stream /******************************************************************************/ #define s_check_rem(s, n) ((s)->p + (n) <= (s)->end) +/******************************************************************************/ +#define s_check_rem_out(s, n) ((s)->p + (n) <= (s)->data + (s)->size) + /******************************************************************************/ #define s_check_end(s) ((s)->p == (s)->end) diff --git a/common/trans.c b/common/trans.c index 0b672168..8313b606 100644 --- a/common/trans.c +++ b/common/trans.c @@ -221,8 +221,12 @@ trans_force_read_s(struct trans *self, struct stream *in_s, int size) while (size > 0) { + /* make sure stream has room */ + if ((in_s->end + size) > (in_s->data + in_s->size)) + { + return 1; + } rcvd = g_tcp_recv(self->sck, in_s->end, size, 0); - if (rcvd == -1) { if (g_tcp_last_error_would_block(self->sck)) -- cgit v1.2.1