forked from enlightenment/efl
Evas/cserve2: Add some safety checks when reading socket messages
Fixes CID 1039571 and 1039572.
This commit is contained in:
parent
d8d5189003
commit
137383b532
|
@ -23,6 +23,10 @@ command_read(int fd, Slave_Command *cmd, void **params)
|
||||||
if (ret < (int)sizeof(int) * 2)
|
if (ret < (int)sizeof(int) * 2)
|
||||||
return EINA_FALSE;
|
return EINA_FALSE;
|
||||||
|
|
||||||
|
if(!((ints[0] > 0) && (ints[0] <= 0xFFFF) &&
|
||||||
|
(ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST)))
|
||||||
|
return EINA_FALSE;
|
||||||
|
|
||||||
size = ints[0];
|
size = ints[0];
|
||||||
buf = malloc(size);
|
buf = malloc(size);
|
||||||
if (!buf) return EINA_FALSE;
|
if (!buf) return EINA_FALSE;
|
||||||
|
|
|
@ -99,7 +99,8 @@ typedef enum {
|
||||||
FONT_LOAD,
|
FONT_LOAD,
|
||||||
FONT_GLYPHS_LOAD,
|
FONT_GLYPHS_LOAD,
|
||||||
SLAVE_QUIT,
|
SLAVE_QUIT,
|
||||||
ERROR
|
ERROR,
|
||||||
|
SLAVE_COMMAND_LAST
|
||||||
} Slave_Command;
|
} Slave_Command;
|
||||||
|
|
||||||
struct _Slave_Msg_Image_Open {
|
struct _Slave_Msg_Image_Open {
|
||||||
|
|
|
@ -188,6 +188,9 @@ command_read(int fd, Slave_Command *cmd, void **params)
|
||||||
if (ret < (int)sizeof(int) * 2)
|
if (ret < (int)sizeof(int) * 2)
|
||||||
return EINA_FALSE;
|
return EINA_FALSE;
|
||||||
|
|
||||||
|
EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[0] > 0) && (ints[0] <= 0xFFFF), EINA_FALSE);
|
||||||
|
EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST), EINA_FALSE);
|
||||||
|
|
||||||
size = ints[0];
|
size = ints[0];
|
||||||
buf = malloc(size);
|
buf = malloc(size);
|
||||||
if (!buf) return EINA_FALSE;
|
if (!buf) return EINA_FALSE;
|
||||||
|
|
Loading…
Reference in New Issue