summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrediano Ziglio <fziglio@redhat.com>2017-05-15 15:57:28 +0100
committerChristophe Fergeau <cfergeau@redhat.com>2017-07-11 10:40:27 +0200
commit571cec91e71c2aae0d5f439ea2d8439d0c3d75eb (patch)
treeed62095aebe356fb519c4523113e9f1a45d78702
parent111ab38611cef5012f1565a65fa2d8a8a05cce37 (diff)
reds: Avoid integer overflows handling monitor configuration
Avoid VDAgentMessage::size integer overflows. Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
-rw-r--r--server/reds.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/server/reds.c b/server/reds.c
index ec2b6f47..656f518f 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1131,6 +1131,9 @@ static void reds_on_main_agent_monitors_config(RedsState *reds,
spice_debug("not enough data yet. %zd", cmc->offset);
return;
}
+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) {
+ goto overflow;
+ }
monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header));
spice_debug("monitors_config->num_of_monitors: %d", monitors_config->num_of_monitors);
reds_client_monitors_config(reds, monitors_config);