authorJean-Philippe Andre <jp.andre@samsung.com>2014-01-14 17:36:54 +0900
committerJean-Philippe Andre <jp.andre@samsung.com>2014-01-15 16:06:08 +0900
commit137383b53266d6380c0e89103a90038e1d461e86 (patch)
tree01ef5f7791c02b03b8ac16fa5a742856e17575f8 /src/bin
parentd8d5189003e59b3f68223a6cddcd025d826b6deb (diff)
Evas/cserve2: Add some safety checks when reading socket messages
Fixes CID 1039571 and 1039572.
Diffstat (limited to 'src/bin')
-rw-r--r--src/bin/evas/dummy_slave.c4
-rw-r--r--src/bin/evas/evas_cserve2.h3
-rw-r--r--src/bin/evas/evas_cserve2_slave.c3
3 files changed, 9 insertions, 1 deletions
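--- a/src/bin/evas/dummy_slave.c
+++ b/src/bin/evas/dummy_slave.c
@@ -23,6 +23,10 @@ command_read(int fd, Slave_Command *cmd, void **params)
 if (ret < (int)sizeof(int) * 2)
 return EINA_FALSE;
 
+if(!((ints[0] > 0) && (ints[0] <= 0xFFFF) &&
+(ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST)))
+return EINA_FALSE;
+
 size = ints[0];
 buf = malloc(size);
 if (!buf) return EINA_FALSE;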
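Review bot: The upper bound `0xFFFF` in the added `if` is an unexplained magic number, and the same literal is repeated in the check added to evas_cserve2_slave.c, so the two readers can drift apart. Consider defining it once in evas_cserve2.h next to `Slave_Command` and putting a comment above the check such as `/* ints[0] = payload size in bytes, ints[1] = command id; both are read from the socket and untrusted */`. `ints[0] > 0` also rejects a zero-length payload, which is only right if no command is ever sent without parameters; that cannot be confirmed from this hunk. command_read starts and ends outside the hunk.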
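--- a/src/bin/evas/evas_cserve2.h
+++ b/src/bin/evas/evas_cserve2.h
@@ -99,7 +99,8 @@ typedef enum {
 FONT_LOAD,
 FONT_GLYPHS_LOAD,
 SLAVE_QUIT,
-ERROR
+ERROR,
+SLAVE_COMMAND_LAST
 } Slave_Command;
 
 struct _Slave_Msg_Image_Open {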
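Review bot: `SLAVE_COMMAND_LAST` is a sentinel rather than a real command, but nothing at the enum says so. Add a comment on the new enumerator, e.g. `SLAVE_COMMAND_LAST /* sentinel: one past the last valid command, keep it last */`, so that a command added later is inserted before it and stays inside the range check used by both command_read implementations. Any `switch` over `Slave_Command` elsewhere may need a case for the new value under -Wswitch; that is not visible on this page.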
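--- a/src/bin/evas/evas_cserve2_slave.c
+++ b/src/bin/evas/evas_cserve2_slave.c
@@ -188,6 +188,9 @@ command_read(int fd, Slave_Command *cmd, void **params)
 if (ret < (int)sizeof(int) * 2)
 return EINA_FALSE;
 
+EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[0] > 0) && (ints[0] <= 0xFFFF), EINA_FALSE);
+EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST), EINA_FALSE);
+
 size = ints[0];
 buf = malloc(size);
 if (!buf) return EINA_FALSE;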
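Review bot: The two added `EINA_SAFETY_ON_FALSE_RETURN_VAL` lines are the only validation of data read from the socket, but the EINA_SAFETY_* macros are, as far as I know, meant for catching caller mistakes and reduce to no-ops when Eina is built without safety checks. In such a build `malloc(size)` would again take an unvalidated length and the command id would go unchecked. An unconditional test like the one added to dummy_slave.c does not depend on build options: `if ((ints[0] <= 0) || (ints[0] > 0xFFFF) || (ints[1] < 0) || (ints[1] >= SLAVE_COMMAND_LAST)) return EINA_FALSE;`, with an explicit log call if a rejected message is worth recording. command_read continues outside the hunk.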