diff options
author | Michael Santos <[email protected]> | 2011-01-23 18:16:10 -0500 |
---|---|---|
committer | Björn-Egil Dahlberg <[email protected]> | 2011-02-22 16:46:59 +0100 |
commit | 0b9795fa8145dcb06639cbb67a376e440b4fbc92 (patch) | |
tree | 99fd86fbcdc9daacee03df1b0438ad3ba1372fc0 /lib/erl_interface/src/decode/decode_ref.c | |
parent | 91275b07fb6151b1ec201ac9c8380b7b96724b63 (diff) | |
download | otp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.tar.gz otp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.tar.bz2 otp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.zip |
ei: buffer overflow when decoding atoms
Diffstat (limited to 'lib/erl_interface/src/decode/decode_ref.c')
-rw-r--r-- | lib/erl_interface/src/decode/decode_ref.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/erl_interface/src/decode/decode_ref.c b/lib/erl_interface/src/decode/decode_ref.c index 6fc2cd6533..691b51fe2d 100644 --- a/lib/erl_interface/src/decode/decode_ref.c +++ b/lib/erl_interface/src/decode/decode_ref.c @@ -35,6 +35,8 @@ int ei_decode_ref(const char *buf, int *index, erlang_ref *p) len = get16be(s); + if (len > MAXATOMLEN) return -1; + if (p) { memmove(p->node, s, len); p->node[len] = (char)0; @@ -62,6 +64,7 @@ int ei_decode_ref(const char *buf, int *index, erlang_ref *p) /* then the nodename */ if (get8(s) != ERL_ATOM_EXT) return -1; len = get16be(s); + if (len > MAXATOMLEN) return -1; if (p) { memmove(p->node, s, len); |