diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-02-21 17:04:22 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2009-02-21 17:04:22 +0000 |
commit | 6b0f5967193ab3a827ac07d24bdf1c099135c381 (patch) | |
tree | ebbf951ad949fc526bb53e1b4df9a1eac57db9cd | |
parent | 60f2cec6468bd4ce1d9821d851c9758b4299635c (diff) | |
download | ruby-6b0f5967193ab3a827ac07d24bdf1c099135c381.tar.gz |
* ext/socket/ancdata.c (bsock_recvmsg_internal): check max length
overflow.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ext/socket/ancdata.c | 6 |
2 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,8 @@ +Sun Feb 22 02:03:46 2009 Tanaka Akira <akr@fsij.org> + + * ext/socket/ancdata.c (bsock_recvmsg_internal): check max length + overflow. + Sun Feb 22 01:52:30 2009 Tanaka Akira <akr@fsij.org> * ext/socket/ancdata.c (bsock_recvmsg_internal): don't call diff --git a/ext/socket/ancdata.c b/ext/socket/ancdata.c index 28f00649d7..e3f56fe50f 100644 --- a/ext/socket/ancdata.c +++ b/ext/socket/ancdata.c @@ -1313,6 +1313,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock) int grown = 0; #if defined(HAVE_ST_MSG_CONTROL) if (NIL_P(vmaxdatlen) && (mh.msg_flags & MSG_TRUNC)) { + if (SIZE_MAX/2 < maxdatlen) + rb_raise(rb_eArgError, "max data length too big"); maxdatlen *= 2; grown = 1; } @@ -1328,6 +1330,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock) } } else { + if (SIZE_MAX/2 < maxctllen) + rb_raise(rb_eArgError, "max control message length too big"); maxctllen *= 2; grown = 1; } @@ -1335,6 +1339,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock) } #else if (NIL_P(vmaxdatlen) && ss != -1 && ss == iov.iov_len) { + if (SIZE_MAX/2 < maxdatlen) + rb_raise(rb_eArgError, "max data length too big"); maxdatlen *= 2; grown = 1; } |