projects / platform / upstream / libnice.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8eab018)
pseudotcp: Validate option lengths
authorOlivier Crête <olivier.crete@collabora.com>
Wed, 2 Apr 2014 01:41:04 +0000 (21:41 -0400)
committerOlivier Crête <olivier.crete@collabora.com>
Wed, 2 Apr 2014 01:47:40 +0000 (21:47 -0400)
agent/pseudotcp.c patch | blob | history

diff --git a/agent/pseudotcp.c b/agent/pseudotcp.c
index 25cc957..3444086 100644 (file)
--- a/agent/pseudotcp.c
+++ b/agent/pseudotcp.c
@@ -1782,6 +1782,9 @@ parse_options (PseudoTcpSocket *self, const guint8 *data, guint32 len)
     guint8 kind = TCP_OPT_EOL;
     guint8 opt_len;
 
+    if (len < pos + 1)
+      return;
+
     kind = data[pos];
     pos++;
 
@@ -1793,11 +1796,16 @@ parse_options (PseudoTcpSocket *self, const guint8 *data, guint32 len)
       continue;
     }
 
+    if (len < pos + 1)
+      return;
+
     // Length of this option.
-    g_assert(len);
     opt_len = data[pos];
     pos++;
 
+    if (len < pos + opt_len)
+      return;
+
     // Content of this option.
     if (opt_len <= len - pos) {
       apply_option (self, kind, data + pos, opt_len);
Domain: Multimedia / Media Playback;