connection: fix buffer-overflow in build_cmsg()

Same problem as we had with close_fds(). We cannot rely on the fds_out
buffer being filled with less than MAX_FDS_OUT file descriptors.
Therefore, write at most MAX_FDS_OUT file-descriptors to the outgoing
buffer.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
This commit is contained in:
David Herrmann 2012-10-11 23:37:48 +02:00 committed by Kristian Høgsberg
parent 5bae0650ba
commit 0b399b8d68

@ -214,6 +214,9 @@ build_cmsg(struct wl_buffer *buffer, char *data, int *clen)
size_t size;
size = buffer->head - buffer->tail;
if (size > MAX_FDS_OUT * sizeof(int32_t))
size = MAX_FDS_OUT * sizeof(int32_t);
if (size > 0) {
cmsg = (struct cmsghdr *) data;
cmsg->cmsg_level = SOL_SOCKET;
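Review bot: the clamp placed right after `size = buffer->head - buffer->tail;` silently truncates the descriptor list, and nothing in the hunk tells the caller that fewer descriptors were written than the buffer holds. Please add a short comment stating why MAX_FDS_OUT is the bound for what may be written into `data`, and confirm that the caller consumes only the clamped `size` from `buffer`, so the remaining descriptors go out with a later message instead of being dropped or left open. Since `clen` is an out parameter, it is worth documenting that it reflects the clamped count, not the full `head - tail` length.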