From 5d20e3028a2d6ede203a39f40d2df82b3855d9f6 Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Thu, 25 Nov 2021 09:48:34 +0100 Subject: [PATCH] pulse-server: avoid reading past the message size We can't really get into this situation but it is a good idea to check that we don't try to read past the message length. --- src/modules/module-protocol-pulse/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module-protocol-pulse/server.c b/src/modules/module-protocol-pulse/server.c index eb8ef9de9..6417d1f82 100644 --- a/src/modules/module-protocol-pulse/server.c +++ b/src/modules/module-protocol-pulse/server.c @@ -195,7 +195,7 @@ static int do_read(struct client *client) } else { uint32_t idx = client->in_index - sizeof(client->desc); - if (client->message == NULL) { + if (client->message == NULL || client->message->length < idx) { res = -EPROTO; goto exit; }