mirrors/wayland
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/wayland/wayland.git synced 2025-11-17 06:59:46 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

connection: return error on buffer-overflow during read

Browse source 
wl_connection_read() assumes that the caller dispatched all messages
before calling it. wl_buffer_put_iov() does only provide enough room so we
fill the buffer. So the only case when the buffer overflows, is when a
previous read filled up the buffer but we couldn't parse a single message
from it. In this case, the client sent a message bigger than our buffer
and we should return an error and close the connection.

krh: Edited from Davids original patch to just check that the buffer
 isn't full before we try reading into it.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
This commit is contained in:
Kristian Høgsberg 2012-10-15 17:19:38 -04:00
parent ad03a59f5c
commit 04720307e9
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/connection.c
View file

@ -314,6 +314,11 @@ wl_connection_read(struct wl_connection *connection)
char cmsg[CLEN];
int len, count, ret;
if (wl_buffer_size(&connection->in) >= sizeof(connection->in.data)) {
errno = EOVERFLOW;
return -1;
}
wl_buffer_put_iov(&connection->in, iov, &count);
msg.msg_name = NULL;