From cea06983d15d2c268e4ff6af47edfdadfa189c8b Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Sun, 24 Oct 2010 09:09:19 -0400
Subject: ei: check the length of the node name

Check the length of the node name to prevent an overflow.
---
 lib/erl_interface/src/epmd/epmd_publish.c   | 6 ++++++
 lib/erl_interface/src/epmd/epmd_unpublish.c | 5 +++++
 2 files changed, 11 insertions(+)

(limited to 'lib/erl_interface/src')

diff --git a/lib/erl_interface/src/epmd/epmd_publish.c b/lib/erl_interface/src/epmd/epmd_publish.c
index a9b8727747..d45fe644c0 100644
--- a/lib/erl_interface/src/epmd/epmd_publish.c
+++ b/lib/erl_interface/src/epmd/epmd_publish.c
@@ -69,6 +69,12 @@ static int ei_epmd_r4_publish (int port, const char *alive, unsigned ms)
   int n;
   int res, creation;
   
+  if (len > sizeof(buf)-2)
+  {
+    erl_errno = ERANGE;
+    return -1;
+  }
+
   s = buf;
   put16be(s,len);
 
diff --git a/lib/erl_interface/src/epmd/epmd_unpublish.c b/lib/erl_interface/src/epmd/epmd_unpublish.c
index 08662fe1ec..495cbab44c 100644
--- a/lib/erl_interface/src/epmd/epmd_unpublish.c
+++ b/lib/erl_interface/src/epmd/epmd_unpublish.c
@@ -59,6 +59,11 @@ int ei_unpublish_tmo(const char *alive, unsigned ms)
     int len = 1 + strlen(alive);
     int fd, res;
 
+    if (len > sizeof(buf)-3) {
+	erl_errno = ERANGE;
+	return -1;
+    }
+
     put16be(s,len);
     put8(s,EI_EPMD_STOP_REQ);
     strcpy(s, alive);
-- 
cgit v1.2.3