summaryrefslogtreecommitdiffstats
path: root/server/nss/nsssrv_packet.c
diff options
context:
space:
mode:
Diffstat (limited to 'server/nss/nsssrv_packet.c')
-rw-r--r--server/nss/nsssrv_packet.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/server/nss/nsssrv_packet.c b/server/nss/nsssrv_packet.c
index c15f5c764..07cc2ff8a 100644
--- a/server/nss/nsssrv_packet.c
+++ b/server/nss/nsssrv_packet.c
@@ -50,9 +50,6 @@ struct nss_packet {
*
* - if size is defined use it otherwise the default packet will be
* NSSSRV_PACKET_MEM_SIZE bytes.
- * - if buf is provided also give back the pointer to the base of
- * the buffer (the header), so that a packet can be written into
- * firecgtly from the wire
*/
int nss_packet_new(TALLOC_CTX *mem_ctx, size_t size,
enum sss_nss_command cmd,
@@ -142,8 +139,13 @@ int nss_packet_recv(struct nss_packet *packet, int fd)
void *buf;
buf = packet->buffer + packet->iop;
- if (packet->iop > 4) len = *packet->len;
- else len = packet->memsize;
+ if (packet->iop > 4) len = *packet->len - packet->iop;
+ else len = packet->memsize - packet->iop;
+
+ /* check for wrapping */
+ if (len > packet->memsize) {
+ return EINVAL;
+ }
errno = 0;
rb = recv(fd, buf, len, 0);
@@ -156,6 +158,10 @@ int nss_packet_recv(struct nss_packet *packet, int fd)
return EIO;
}
+ if (packet->len > packet->memsize) {
+ return EINVAL;
+ }
+
packet->iop += rb;
if (packet->iop < 4) {
return EAGAIN;
generated by cgit (git 2.34.1) at 2024-05-21 08:25:30 +0000