remove dos opportunity

svn:r180
2025-09-08 03:44:22 -04:00 · 2005-08-30 06:02:09 +00:00 · 2005-08-30 06:02:09 +00:00 · 7000fe664d
commit 7000fe664d
parent 5c5145dc1c
1 changed files with 4 additions and 0 deletions
--- a/event_rpcgen.py
+++ b/event_rpcgen.py
@ -795,6 +795,10 @@ class EntryVarBytes(Entry):
    def CodeUnmarshal(self, buf, tag_name, var_name):
        code = ['if (evtag_payload_length(%s, &%s->%s_length) == -1)' % (
            buf, var_name, self._name),
+                '  return (-1);',
+                # We do not want DoS opportunities
+                'if (%s->%s_length > EVBUFFER_LENGTH(%s))' % (
+            var_name, self._name, buf),
                '  return (-1);',
                'if ((%s->%s_data = malloc(%s->%s_length)) == NULL)' % (
            var_name, self._name, var_name, self._name),