Don't read uninitialized memory in client packet length check

Before calling PKL_ReplyLength(), check that the packet has a full header.
This didn't change the outcome of the test if the packet was shorter, as
the invalid result from PKL_ReplyLength() was either larger than the length
of the packet or smaller than the header length, failing the length check in
both cases.
Miroslav Lichvar 2014-01-21 18:45:56 +01:00
parent 0f3e464202
commit 2fc3525fdf

@ -1366,7 +1366,11 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
} else {
read_length = recvfrom_status;
expected_length = PKL_ReplyLength(reply);
if (read_length >= offsetof(CMD_Reply, data)) {
expected_length = PKL_ReplyLength(reply);
} else {
expected_length = 0;
}
bad_length = (read_length < expected_length ||
expected_length < offsetof(CMD_Reply, data));
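
Review bot: the else branch's expected_length = 0 rejects a short packet only indirectly, through the "expected_length < offsetof(CMD_Reply, data)" clause of bad_length that follows, so a later edit to that expression could silently start accepting truncated replies. Consider a one-line comment on the else branch saying that 0 is chosen to fail the header-length clause, or set bad_length directly when read_length < offsetof(CMD_Reply, data). The guard also relies on PKL_ReplyLength() reading nothing past the header fields that precede data; a comment next to the call stating that assumption would help whoever changes PKL_ReplyLength() next.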