From 2b76ba75a70740225ca8cb06627c163dffb20091 Mon Sep 17 00:00:00 2001
From: Alan Antonuk <alan.antonuk@gmail.com>
Date: Tue, 8 Mar 2016 19:41:29 -0800
Subject: Lib: check out of range args in amqp_*_close() fn.

Check for code parameter being between 0 -> UINT16_MAX in
amqp_connection_close() and amqp_channel_close() functions.
---
 librabbitmq/amqp_api.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/librabbitmq/amqp_api.c b/librabbitmq/amqp_api.c
index 9556ec5..ab60ee4 100644
--- a/librabbitmq/amqp_api.c
+++ b/librabbitmq/amqp_api.c
@@ -267,7 +267,11 @@ amqp_rpc_reply_t amqp_channel_close(amqp_connection_state_t state,
   amqp_method_number_t replies[2] = { AMQP_CHANNEL_CLOSE_OK_METHOD, 0};
   amqp_channel_close_t req;
 
-  req.reply_code = code;
+  if (code < 0 || code > UINT16_MAX) {
+    return amqp_rpc_reply_error(AMQP_STATUS_INVALID_PARAMETER);
+  }
+
+  req.reply_code = (uint16_t)code;
   req.reply_text.bytes = codestr;
   req.reply_text.len = sprintf(codestr, "%d", code);
   req.class_id = 0;
@@ -284,7 +288,11 @@ amqp_rpc_reply_t amqp_connection_close(amqp_connection_state_t state,
   amqp_method_number_t replies[2] = { AMQP_CONNECTION_CLOSE_OK_METHOD, 0};
   amqp_channel_close_t req;
 
-  req.reply_code = code;
+  if (code < 0 || code > UINT16_MAX) {
+    return amqp_rpc_reply_error(AMQP_STATUS_INVALID_PARAMETER);
+  }
+
+  req.reply_code = (uint16_t)code;
   req.reply_text.bytes = codestr;
   req.reply_text.len = sprintf(codestr, "%d", code);
   req.class_id = 0;
-- 
cgit v1.2.1