authorcinap_lenrek <cinap_lenrek@gmx.de>2013-09-16 03:56:53 +0200
committercinap_lenrek <cinap_lenrek@gmx.de>2013-09-16 03:56:53 +0200
commitb5aab824886fa8f441291340bdd4e187c562ddd0 (patch)
treeb0db45b1d9fc2831a2a2b54c7f09527f3872dd01 /sys/src/libauth
parenteee51d7720cea1a743545c4bab94bc04f93272fe (diff)
libauth: add sanity check for auth_proxy write size
Diffstat (limited to 'sys/src/libauth')
-rw-r--r--sys/src/libauth/auth_proxy.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/src/libauth/auth_proxy.c b/sys/src/libauth/auth_proxy.c
index c415c104d..f96350f50 100644
--- a/sys/src/libauth/auth_proxy.c
+++ b/sys/src/libauth/auth_proxy.c
@@ -157,9 +157,10 @@ fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey, char *params)
n = 0;
memset(buf, 0, AuthRpcMax);
while((ret = dorpc(rpc, "write", buf, n, getkey)) == ARtoosmall){
- if(atoi(rpc->arg) > AuthRpcMax)
+ m = atoi(rpc->arg);
+ if(m <= n || m > AuthRpcMax)
break;
- m = read(fd, buf + n, atoi(rpc->arg) - n);
+ m = read(fd, buf + n, m - n);
if(m <= 0){
if(m == 0)
werrstr("auth_proxy short read: %s",
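Review bot: The new guard `if(m <= n || m > AuthRpcMax)` is the only thing keeping the length passed to `read(fd, buf + n, m - n)` positive and within the AuthRpcMax bytes cleared by the memset above, but nothing in the code says so. A comment such as `/* rpc->arg is the total size requested: it must exceed what is already buffered and not exceed AuthRpcMax */` would make a later edit less likely to loosen it. `m` also now holds two different things, first the requested total size and then the byte count returned by read(), which makes the following `m <= 0` test easy to misread; a separate local for the requested size would be clearer. The `break` leaves the loop with `ret` still equal to ARtoosmall and sets no error string at this point, so whether a rejected size is reported in a diagnosable way depends on code after the loop, which is outside this hunk. fauth_proxy's body starts and ends outside the hunk.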