From 8a814a5596e9d8db1c24326715f794ae46966b3b Mon Sep 17 00:00:00 2001 From: Asanka Herath Date: Sun, 10 Jun 2007 06:52:51 +0000 Subject: [PATCH] windows-pioctl-buffer-overrun-20070609 this patch protects against a buffer overrun in the client if the server were to send more data than the receiving buffer can hold. --- src/sys/pioctl_nt.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sys/pioctl_nt.c b/src/sys/pioctl_nt.c index 05486c713..8f2b940d3 100644 --- a/src/sys/pioctl_nt.c +++ b/src/sys/pioctl_nt.c @@ -991,6 +991,10 @@ pioctl(char *pathp, long opcode, struct ViceIoctl *blobp, int follow) MarshallString(&preq, fullPath); if (blobp->in_size) { + if (blobp->in_size > sizeof(preq.data) - (preq.mp - preq.data)*sizeof(char)) { + errno = E2BIG; + return -1; + } memcpy(preq.mp, blobp->in, blobp->in_size); preq.mp += blobp->in_size; } -- 2.39.5