authorMichael Santos <[email protected]>2010-10-24 09:09:19 -0400
committerBjörn Gustavsson <[email protected]>2010-10-26 16:00:24 +0200
commitcea06983d15d2c268e4ff6af47edfdadfa189c8b (patch)
treee5e9f16260b0664ff86df8525c43acf259b6ad7d
parent735dc6c4f7ef51f3ef64ad60382f8a09ca6b9451 (diff)
ei: check the length of the node name
Check the length of the node name to prevent an overflow.
-rw-r--r--lib/erl_interface/src/epmd/epmd_publish.c6
-rw-r--r--lib/erl_interface/src/epmd/epmd_unpublish.c5
2 files changed, 11 insertions, 0 deletions
diff --git a/lib/erl_interface/src/epmd/epmd_publish.c b/lib/erl_interface/src/epmd/epmd_publish.c
index a9b8727747..d45fe644c0 100644
--- a/lib/erl_interface/src/epmd/epmd_publish.c
+++ b/lib/erl_interface/src/epmd/epmd_publish.c
@@ -69,6 +69,12 @@ static int ei_epmd_r4_publish (int port, const char *alive, unsigned ms)
int n;
int res, creation;
+ if (len > sizeof(buf)-2)
+ {
+ erl_errno = ERANGE;
+ return -1;
+ }
+
s = buf;
put16be(s,len);
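Review bot: The new guard `if (len > sizeof(buf)-2)` compares a length against a `size_t`, and if `len` is a signed `int` here (its declaration is outside the hunk; it visibly is one in the `ei_unpublish_tmo` hunk) the check works only through implicit conversion. A negative or wrapped `len` is rejected because it converts to a large unsigned value, but that is incidental and draws `-Wsign-compare`; `if (len < 0 || (size_t)len > sizeof(buf) - 2)` states the intent directly. The writes that follow `put16be(s,len)` are also outside the hunk, so whether a margin of 2 covers every byte placed in `buf`, including the terminator of any later string copy, cannot be confirmed from these lines. A comment above the check naming what the 2 accounts for, for example `/* 2-byte length prefix + len payload bytes must fit in buf */`, would make that reviewable.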
diff --git a/lib/erl_interface/src/epmd/epmd_unpublish.c b/lib/erl_interface/src/epmd/epmd_unpublish.c
index 08662fe1ec..495cbab44c 100644
--- a/lib/erl_interface/src/epmd/epmd_unpublish.c
+++ b/lib/erl_interface/src/epmd/epmd_unpublish.c
@@ -59,6 +59,11 @@ int ei_unpublish_tmo(const char *alive, unsigned ms)
int len = 1 + strlen(alive);
int fd, res;
+ if (len > sizeof(buf)-3) {
+ erl_errno = ERANGE;
+ return -1;
+ }
+
put16be(s,len);
put8(s,EI_EPMD_STOP_REQ);
strcpy(s, alive);
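Review bot: The margin in `if (len > sizeof(buf)-3)` is exact and undocumented. The lines after it write a 2-byte length and a 1-byte request tag, then `strcpy` copies `strlen(alive)+1` bytes, so the request occupies `len + 3` bytes of `buf` with no slack. Any field added to this request later would overrun `buf` without the check noticing, so I would add `/* 2 (length) + 1 (EI_EPMD_STOP_REQ) + name + NUL must fit in buf */` above the check. Since the length is already computed, `memcpy(s, alive, len);` in place of `strcpy(s, alive);` would tie the copy to the value that was just validated. The body of `ei_unpublish_tmo` starts and continues outside this hunk.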