diff options
author | Amar Tumballi <amarts@redhat.com> | 2018-07-24 13:25:12 +0530 |
---|---|---|
committer | jiffin tony Thottan <jthottan@redhat.com> | 2018-09-06 15:53:56 +0000 |
commit | e1461a27e98980dde85c1a506eef514d8cefda4b (patch) | |
tree | bd24562c3e16a196c241ecc81394ed7e4f7e6106 /libglusterfs | |
parent | 846ab3c294ff1926e28f367352314789aacc0459 (diff) |
dict: handle negative key/value length while unserialize
Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119
BUG: 1625656
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'libglusterfs')
-rw-r--r-- | libglusterfs/src/dict.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c index 6c3fc164d8e..03a220a8218 100644 --- a/libglusterfs/src/dict.c +++ b/libglusterfs/src/dict.c @@ -2813,7 +2813,8 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill) vallen = ntoh32 (hostord); buf += DICT_DATA_HDR_VAL_LEN; - if ((buf + keylen) > (orig_buf + size)) { + if ((keylen < 0) || (vallen < 0) || + (buf + keylen) > (orig_buf + size)) { gf_msg_callingfn ("dict", GF_LOG_ERROR, 0, LG_MSG_UNDERSIZED_BUF, "undersized buffer passed. " |