diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-06 20:09:45 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-06 20:09:45 +0000 |
commit | 71f36e40e9cbaf1314fe2c3ba4c442ed0f4302a0 (patch) | |
tree | 3af0ab4323dcc18b924632820c0ebfda6a6215d2 | |
parent | 4d75a8bb64fc6d2874d1d62ec4211846853a13a9 (diff) | |
download | gnutls-71f36e40e9cbaf1314fe2c3ba4c442ed0f4302a0.tar.gz |
Corrected a broken buffer check in _gnutls_io_read_buffered()
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | lib/gnutls_buffers.c | 13 |
2 files changed, 11 insertions, 3 deletions
@@ -3,6 +3,7 @@ Version 0.9.1 serial number calculation in the record layer. - Added gnutls_certificate_free_keys() which deletes all the private keys and certificates from the credentials structure. +- Corrected a broken buffer check in _gnutls_io_read_buffered() Version 0.9.0 (03/03/2003) - This version is not binary compatible with the previous ones. diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 571e2f9803..e72ad00db4 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -330,8 +330,7 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t *iptr = session->internals.record_recv_buffer.data; - if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0 - || (session->internals.record_recv_buffer.length+sizeOfPtr) > MAX_RECV_SIZE) + if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) { { gnutls_assert(); /* internal error */ return GNUTLS_E_INVALID_REQUEST; @@ -363,10 +362,18 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t * receive in order to return the requested data. */ recvdata = sizeOfPtr - min; + + /* Check if the previously read data plus the new data to + * receive are longer than the maximum receive buffer size. + */ + if ((session->internals.record_recv_buffer.length + recvdata) > MAX_RECV_SIZE) + { + gnutls_assert(); /* internal error */ + return GNUTLS_E_INVALID_REQUEST; + } /* Allocate the data required to store the new packet. */ - alloc_size = recvdata+session->internals.record_recv_buffer.length; session->internals.record_recv_buffer.data = gnutls_realloc_fast( session->internals.record_recv_buffer.data, alloc_size); |