summaryrefslogtreecommitdiffstats
path: root/src/responder/autofs/autofssrv_cmd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/responder/autofs/autofssrv_cmd.c')
-rw-r--r--src/responder/autofs/autofssrv_cmd.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/responder/autofs/autofssrv_cmd.c b/src/responder/autofs/autofssrv_cmd.c
index 8123db2a4..9abb0ca19 100644
--- a/src/responder/autofs/autofssrv_cmd.c
+++ b/src/responder/autofs/autofssrv_cmd.c
@@ -853,7 +853,7 @@ sss_autofs_cmd_getautomntent(struct cli_ctx *client)
SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);
- if (namelen == 0) {
+ if (namelen == 0 || namelen > blen - c) {
ret = EINVAL;
goto done;
}
@@ -1128,7 +1128,7 @@ sss_autofs_cmd_getautomntbyname(struct cli_ctx *client)
/* FIXME - split out a function to get string from <len><str>\0 */
SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);
- if (namelen == 0) {
+ if (namelen == 0 || namelen > blen - c) {
ret = EINVAL;
goto done;
}
@@ -1152,7 +1152,7 @@ sss_autofs_cmd_getautomntbyname(struct cli_ctx *client)
/* FIXME - split out a function to get string from <len><str>\0 */
SAFEALIGN_COPY_UINT32_CHECK(&keylen, body+c, blen, &c);
- if (keylen == 0) {
+ if (keylen == 0 || keylen > blen - c) {
ret = EINVAL;
goto done;
}
generated by cgit (git 2.34.1) at 2024-05-04 00:24:14 +0000