DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-04 05:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Don't read uninitialized memory in client packet length check

Browse Source 
Before calling PKL_ReplyLength() check that the packet has full header.
This didn't change the outcome of the test if the packet was shorter as
the invalid result from PKL_ReplyLength() was either larger than length
of the packet or smaller than header length, failing the length check in
both cases.
This commit is contained in:
Miroslav Lichvar
2014-01-21 18:45:56 +01:00
parent 0f3e464202
commit 2fc3525fdf
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client.c
View File

@@ -1366,7 +1366,11 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
} else { } else {
read_length = recvfrom_status; read_length = recvfrom_status;
if (read_length >= offsetof(CMD_Reply, data)) {
expected_length = PKL_ReplyLength(reply); expected_length = PKL_ReplyLength(reply);
} else {
expected_length = 0;
}
bad_length = (read_length < expected_length || bad_length = (read_length < expected_length ||
expected_length < offsetof(CMD_Reply, data)); expected_length < offsetof(CMD_Reply, data));