[pulseaudio-commits] r1448 - /trunk/src/pulsecore/protocol-native.c

[svnmailer-noreply at 0pointer.de]

Author: lennart
Date: Wed May 23 18:42:26 2007
New Revision: 1448

URL: http://0pointer.de/cgi-bin/viewcvs.cgi?rev=3D1448&root=3Dpulseaudio&vi=
ew=3Drev
Log:
Fix yet another DoS vulnerability, also identified Luigi Auriemma (re #67)

Modified:
    trunk/src/pulsecore/protocol-native.c

Modified: trunk/src/pulsecore/protocol-native.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/protocol-na=
tive.c?rev=3D1448&root=3Dpulseaudio&r1=3D1447&r2=3D1448&view=3Ddiff
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/src/pulsecore/protocol-native.c (original)
+++ trunk/src/pulsecore/protocol-native.c Wed May 23 18:42:26 2007
@@ -763,7 +763,8 @@
     CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVA=
LID);
     CHECK_VALIDITY(c->pstream, map.channels =3D=3D ss.channels && volume.c=
hannels =3D=3D ss.channels, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <=3D MAX_MEMBLOC=
KQ_LENGTH, tag, PA_ERR_INVALID);
-
+    CHECK_VALIDITY(c->pstream, maxlength >=3D pa_frame_size(&ss), tag, PA_=
ERR_INVALID);
+    =

     if (sink_index !=3D PA_INVALID_INDEX) {
         sink =3D pa_idxset_get_by_index(c->protocol->core->sinks, sink_ind=
ex);
         CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY);