aboutsummaryrefslogtreecommitdiffstats
path: root/lib/erl_interface/src/decode/decode_ref.c
diff options
context:
space:
mode:
authorMichael Santos <[email protected]>2011-01-23 18:16:10 -0500
committerBjörn-Egil Dahlberg <[email protected]>2011-02-22 16:46:59 +0100
commit0b9795fa8145dcb06639cbb67a376e440b4fbc92 (patch)
tree99fd86fbcdc9daacee03df1b0438ad3ba1372fc0 /lib/erl_interface/src/decode/decode_ref.c
parent91275b07fb6151b1ec201ac9c8380b7b96724b63 (diff)
downloadotp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.tar.gz
otp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.tar.bz2
otp-0b9795fa8145dcb06639cbb67a376e440b4fbc92.zip
ei: buffer overflow when decoding atoms
Diffstat (limited to 'lib/erl_interface/src/decode/decode_ref.c')
-rw-r--r--lib/erl_interface/src/decode/decode_ref.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/erl_interface/src/decode/decode_ref.c b/lib/erl_interface/src/decode/decode_ref.c
index 6fc2cd6533..691b51fe2d 100644
--- a/lib/erl_interface/src/decode/decode_ref.c
+++ b/lib/erl_interface/src/decode/decode_ref.c
@@ -35,6 +35,8 @@ int ei_decode_ref(const char *buf, int *index, erlang_ref *p)
len = get16be(s);
+ if (len > MAXATOMLEN) return -1;
+
if (p) {
memmove(p->node, s, len);
p->node[len] = (char)0;
@@ -62,6 +64,7 @@ int ei_decode_ref(const char *buf, int *index, erlang_ref *p)
/* then the nodename */
if (get8(s) != ERL_ATOM_EXT) return -1;
len = get16be(s);
+ if (len > MAXATOMLEN) return -1;
if (p) {
memmove(p->node, s, len);