diff options
author | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:45:19 -0800 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2018-01-09 22:47:04 -0800 |
commit | 8ab25ab6772857336f1e11ae64dacd091ce371c2 (patch) | |
tree | 58d70af5a22cbc94a54dfe0e16dbb63a881ea568 | |
parent | 9f986a89ed02dcb24190528829803943fc5e36fb (diff) | |
download | rabbitmq-c-8ab25ab6772857336f1e11ae64dacd091ce371c2.tar.gz |
Lib: check encoded table length isn't too long
Check encoded table length isn't longer than the encoded buffer.
Fixes CID 1383630 caught by Coverity.
-rw-r--r-- | librabbitmq/amqp_table.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/librabbitmq/amqp_table.c b/librabbitmq/amqp_table.c index 1cb0d6b..24b087c 100644 --- a/librabbitmq/amqp_table.c +++ b/librabbitmq/amqp_table.c @@ -135,6 +135,10 @@ int amqp_decode_table(amqp_bytes_t encoded, amqp_pool_t *pool, return AMQP_STATUS_BAD_AMQP_DATA; } + if (tablesize + *offset > encoded.len) { + return AMQP_STATUS_BAD_AMQP_DATA; + } + entries = malloc(allocated_entries * sizeof(amqp_table_entry_t)); if (entries == NULL) { return AMQP_STATUS_NO_MEMORY; |