From 7217c46dfefccf581583f6f38ba8032a0dfad643 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Tue, 31 Oct 2017 20:21:46 +0100
Subject: [PATCH] MEDIUM: shctx: forbid shctx to read more than expected

Forbid shctx to read more than expected, it allows you to use a greater value as a len with shctx_row_data_get(), the size of the destination buffer for example.
---
 src/shctx.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/shctx.c b/src/shctx.c
index 69da33570..61fd12d3d 100644
--- a/src/shctx.c
+++ b/src/shctx.c
@@ -209,6 +209,10 @@ int shctx_row_data_get(struct shared_context *shctx, struct shared_block *first,
 int count = 0, size = 0, start = -1;
 struct shared_block *block;
 
+ /* can't copy more */
+ if (len > first->len)
+ len = first->len;
+
 block = first;
 count = 0;
 /* Pass through the blocks to copy them */
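Review bot: The clamp added at the top of shctx_row_data_get() bounds `len` against `first->len` only, so a read that starts at a non-zero position may still run past the data stored in the row. The rest of the parameter list and the copy loop are outside this hunk, so this is inferred: if the function takes a start offset, the bound should be the remaining length, e.g. `if (len > first->len - offset) len = first->len - offset;`, with an `offset` outside `0..first->len` rejected beforehand. A negative `len` also passes the new check unchanged, which is worth ruling out explicitly if the type is signed. The comment would say more as `/* never read past the data stored in the row; callers may pass their buffer size as len */`.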