From 67ac3f7c529a47d36ec8fa1f4417d2042d0b23f7 Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 21 Feb 2009 17:04:22 +0000
Subject: * ext/socket/ancdata.c (bsock_recvmsg_internal): check max length  
 overflow.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@22491 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/socket/ancdata.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ext/socket')

diff --git a/ext/socket/ancdata.c b/ext/socket/ancdata.c
index 28f00649d..e3f56fe50 100644
--- a/ext/socket/ancdata.c
+++ b/ext/socket/ancdata.c
@@ -1313,6 +1313,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock)
 	int grown = 0;
 #if defined(HAVE_ST_MSG_CONTROL)
         if (NIL_P(vmaxdatlen) && (mh.msg_flags & MSG_TRUNC)) {
+            if (SIZE_MAX/2 < maxdatlen)
+                rb_raise(rb_eArgError, "max data length too big");
 	    maxdatlen *= 2;
 	    grown = 1;
 	}
@@ -1328,6 +1330,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock)
 		}
             }
             else {
+                if (SIZE_MAX/2 < maxctllen)
+                    rb_raise(rb_eArgError, "max control message length too big");
                 maxctllen *= 2;
                 grown = 1;
             }
@@ -1335,6 +1339,8 @@ bsock_recvmsg_internal(int argc, VALUE *argv, VALUE sock, int nonblock)
 	}
 #else
 	if (NIL_P(vmaxdatlen) && ss != -1 && ss == iov.iov_len) {
+            if (SIZE_MAX/2 < maxdatlen)
+                rb_raise(rb_eArgError, "max data length too big");
 	    maxdatlen *= 2;
 	    grown = 1;
 	}
-- 
cgit