forked from enlightenment/efl
Evas/cserve2: Add some safety checks when reading socket messages
Fixes CID 1039571 and 1039572.
parent
d8d5189003
commit
137383b532
|
@ -23,6 +23,10 @@ command_read(int fd, Slave_Command *cmd, void **params)
|
|||
if (ret < (int)sizeof(int) * 2)
|
||||
return EINA_FALSE;
|
||||
|
||||
if(!((ints[0] > 0) && (ints[0] <= 0xFFFF) &&
|
||||
(ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST)))
|
||||
return EINA_FALSE;
|
||||
|
||||
size = ints[0];
|
||||
buf = malloc(size);
|
||||
if (!buf) return EINA_FALSE;
|
||||
|
|
|
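Review bot: The size limit `0xFFFF` in the new header check is an unnamed literal, and the same value is repeated in the other command_read hunk of this commit, so the two readers can drift apart. A named constant in the header that defines Slave_Command would keep them in step, for example `#define SLAVE_MSG_MAX_SIZE 0xFFFF` (the name is only a suggestion), with a comment saying that it bounds the `malloc(size)` that follows. The comment should also say why `ints[0] > 0` is required, since a zero-size allocation may return NULL and would be reported as an allocation failure. command_read continues past the end of the hunk, so whether the payload read verifies that `size` bytes actually arrived is not visible here.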
@ -99,7 +99,8 @@ typedef enum {
|
|||
FONT_LOAD,
|
||||
FONT_GLYPHS_LOAD,
|
||||
SLAVE_QUIT,
|
||||
ERROR
|
||||
ERROR,
|
||||
SLAVE_COMMAND_LAST
|
||||
} Slave_Command;
|
||||
|
||||
struct _Slave_Msg_Image_Open {
|
||||
|
|
|
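Review bot: `SLAVE_COMMAND_LAST` is now the upper bound that both command_read checks depend on, but nothing in the enum marks it as a sentinel rather than a command. A comment on that enumerator such as `/* not a command: keep last, used to range-check received command ids */` would stop a later command from being appended after it, where it would fail validation on receipt. The start of the enum is outside the hunk.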
@ -188,6 +188,9 @@ command_read(int fd, Slave_Command *cmd, void **params)
|
|||
if (ret < (int)sizeof(int) * 2)
|
||||
return EINA_FALSE;
|
||||
|
||||
EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[0] > 0) && (ints[0] <= 0xFFFF), EINA_FALSE);
|
||||
EINA_SAFETY_ON_FALSE_RETURN_VAL((ints[1] >= 0) && (ints[1] < SLAVE_COMMAND_LAST), EINA_FALSE);
|
||||
|
||||
size = ints[0];
|
||||
buf = malloc(size);
|
||||
if (!buf) return EINA_FALSE;
|
||||
|
|
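Review bot: Validating socket input with `EINA_SAFETY_ON_FALSE_RETURN_VAL` ties the bounds check to Eina's safety-check build option. As far as I recall, these macros expand to a no-op when safety checks are compiled out, in which case an unchecked `ints[0]` would again reach `malloc(size)`; this should be confirmed against the Eina headers. The macros also log an error on every failure, so a misbehaving peer could fill the log. A plain conditional, as in the other command_read hunk, keeps the check unconditional: `if ((ints[0] <= 0) || (ints[0] > 0xFFFF) || (ints[1] < 0) || (ints[1] >= SLAVE_COMMAND_LAST)) return EINA_FALSE;`. The rest of command_read lies outside the hunk.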