[pulseaudio-commits] r1446 - /trunk/src/pulsecore/pstream.c
svnmailer-noreply at 0pointer.de
Wed May 23 09:29:25 PDT 2007
Author: lennart
Date: Wed May 23 18:29:18 2007
New Revision: 1446
URL: http://0pointer.de/cgi-bin/viewcvs.cgi?rev=1446&root=pulseaudio&view=rev
Log:
Fix another DoS vulnerability, also identified by Luigi Auriemma (closes #67)
Modified:
trunk/src/pulsecore/pstream.c
Modified: trunk/src/pulsecore/pstream.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/pstream.c?rev=1446&root=pulseaudio&r1=1445&r2=1446&view=diff
==============================================================================
--- trunk/src/pulsecore/pstream.c (original)
+++ trunk/src/pulsecore/pstream.c Wed May 23 18:29:18 2007
@@ -662,7 +662,7 @@
=
length =3D ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]);
=
- if (length > FRAME_SIZE_MAX_ALLOW) {
+ if (length > FRAME_SIZE_MAX_ALLOW || length <=3D 0) {
pa_log_warn("Recieved invalid frame size : %lu", (unsigned lon=
g) length);
return -1;
}
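Review bot: the new `length <= 0` test in the frame-size check does not say which case it guards against. `length` is assigned from `ntohl()`, which returns an unsigned 32-bit value, and the warning prints it as `unsigned long`, so if the variable is unsigned (its declaration is outside this hunk) the condition can only ever mean `length == 0`; writing it that way, with a short comment on why a zero-length frame must be rejected at this point, would make the intent clear. If `length` is instead a signed type, the better fix is to make the declaration unsigned so that a large value from the wire cannot become negative before the comparison with `FRAME_SIZE_MAX_ALLOW`. Minor: the log string on the context line spells "Recieved" for "Received", and since it is now reached for empty frames as well as oversized ones, the message could say which bound was violated.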