projects
/
platform
/
upstream
/
rpm.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
fix: prevent segfault if malicious server sends 1 GB of data through ftpNLST.
[platform/upstream/rpm.git]
/
rpmio
/
rpmrpc.c
diff --git
a/rpmio/rpmrpc.c
b/rpmio/rpmrpc.c
index
de21d88
..
9f3be35
100644
(file)
--- a/
rpmio/rpmrpc.c
+++ b/
rpmio/rpmrpc.c
@@
-903,6
+903,7
@@
static int ftpNLST(const char * url, ftpSysCall_t ftpSysCall,
/* XXX FIXME: realloc ftpBuf if < ~128 chars remain */
if ((ftpBufAlloced - bufLength) < (1024+80)) {
ftpBufAlloced <<= 2;
+ assert(ftpBufAlloced < (8*1024*1024));
ftpBuf = xrealloc(ftpBuf, ftpBufAlloced);
}
s = se = ftpBuf + bufLength;