author | Sergei Golovan <[email protected]> | 2013-06-27 09:42:57 +0400 |
---|---|---|
committer | Sergei Golovan <[email protected]> | 2013-06-27 09:42:57 +0400 |
commit | b8e5024b2d48c5375fa3dd30121724fab9676e99 (patch) | |
tree | 26072ead9246f482d9f338243c54ec8278a06cc6 | |
parent | 10d93045982fc1477a4dade95d1cc400928fec14 (diff) | |
Added a few input checks which prevent odbcserver from crashing if it is executed
and supplied with incorrect data on stdin. A crash example:
echo -en "\x0\x0\x0\x1\x0" | ./odbcserver
-rw-r--r-- | lib/odbc/c_src/odbcserver.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/odbc/c_src/odbcserver.c b/lib/odbc/c_src/odbcserver.c
index 5730e20774..8de81a30ae 100644
--- a/lib/odbc/c_src/odbcserver.c
+++ b/lib/odbc/c_src/odbcserver.c
@@ -277,11 +277,15 @@ int main(void)
 msg = receive_erlang_port_msg();
 temp = strtok(msg, ";");
+ if (temp == NULL)
+ DO_EXIT(EXIT_STDIN_BODY);
 length = strlen(temp);
 supervisor_port = safe_malloc(length + 1);
 strcpy(supervisor_port, temp);
 temp = strtok(NULL, ";");
+ if (temp == NULL)
+ DO_EXIT(EXIT_STDIN_BODY);
 length = strlen(temp);
 odbc_port = safe_malloc(length + 1);
 strcpy(odbc_port, temp);
@@ -1819,12 +1823,20 @@ static byte * receive_erlang_port_msg(void)
 len |= lengthstr[i];
 }
+ if (len <= 0 || len > 1024) {
+ DO_EXIT(EXIT_STDIN_HEADER);
+ }
+
 buffer = (byte *)safe_malloc(len);
 if (read_exact(buffer, len) <= 0) {
 DO_EXIT(EXIT_STDIN_BODY);
 }
+ if (buffer[len-1] != '\0') {
+ DO_EXIT(EXIT_STDIN_BODY);
+ }
+
 return buffer;
 }
|
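Review bot: Both new `if (temp == NULL)` guards in main() invoke the DO_EXIT macro without braces, unlike the braced guards this same commit adds in receive_erlang_port_msg(). DO_EXIT's definition is not visible on this page; if it expands to more than one statement without a `do { ... } while (0)` wrapper, only its first statement would be governed by the `if`. Writing each guard as `if (temp == NULL) { DO_EXIT(EXIT_STDIN_BODY); }` removes that dependency and matches the second hunk. main()'s body starts and ends outside the hunk.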
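Review bot: The upper bound in `if (len <= 0 || len > 1024)` in receive_erlang_port_msg() is a bare literal with nothing tying it to the port protocol; a named constant with a short comment, for example `#define MAX_PORT_MSG_LEN 1024 /* suggested name: largest accepted message body */`, would make the limit reviewable. The later `buffer[len-1]` read is in bounds only because of the `len <= 0` test above it, which deserves a comment such as `/* len >= 1 is guaranteed by the header check above */`. The length is assembled by a shift loop that starts outside the hunk; if `len` is a signed int, as the `<= 0` test suggests, a header byte with the top bit set is shifted into the sign bit before this check runs, so accumulating into an unsigned type would be safer.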