authorAmar Tumballi <amarts@redhat.com>2018-07-24 13:25:12 +0530
committerAmar Tumballi <amarts@redhat.com>2018-09-05 09:23:10 +0000
commitcc3271ebf3aacdbbc77fdd527375af78ab12ea8d (patch)
treef8cd798c8d377f4c114b5e58e5203154161e72e6
parent69532c141be160b3fea03c1579ae4ac13018dcdf (diff)
dict: handle negative key/value length while unserialize
Fixes: bz#1625089 Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119 Signed-off-by: Amar Tumballi <amarts@redhat.com>
-rw-r--r--libglusterfs/src/dict.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
index 8849baf290a..5516a1f2132 100644
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@@ -3318,6 +3318,13 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
vallen = ntoh32 (hostord);
buf += DICT_DATA_HDR_VAL_LEN;
+ if ((keylen < 0) || (vallen < 0)) {
+ gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
+ LG_MSG_UNDERSIZED_BUF,
+ "undersized length passed "
+ "key:%d val:%d", keylen, vallen);
+ goto out;
+ }
if ((buf + keylen) > (orig_buf + size)) {
gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
LG_MSG_UNDERSIZED_BUF,
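Review bot: The bounds test that follows the new guard, `if ((buf + keylen) > (orig_buf + size))`, still adds a length decoded from the serialized buffer to a pointer; for a large positive keylen that forms a pointer past the end of the buffer, which is undefined behaviour and may wrap on 32-bit targets so that the test passes. Rejecting negative values covers only part of that, so I would compare against the bytes remaining instead, `if (keylen > (orig_buf + size) - buf) {`, and apply the same form wherever vallen is bounds-checked later in the function (not visible in this hunk). This assumes the earlier header checks keep buf inside the buffer, which should be confirmed, since dict_unserialize starts and ends outside the hunk. A short comment above the new guard, `/* keylen/vallen are decoded from the buffer; reject negatives before any pointer arithmetic */`, would record why it has to precede the bounds test.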