Module: kamailio Branch: master Commit: 6c12477f1dad2279431d703d1a4f63fcfc6543b8 URL: https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fcfc6543b8
Author: Daniel-Constantin Mierla <mico...@gmail.com> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2025-02-11T11:30:34+01:00 core: pass fd - check for unexpected read size overflow --- Modified: src/core/pass_fd.c --- Diff: https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fcfc6543b8.diff Patch: https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fcfc6543b8.patch --- diff --git a/src/core/pass_fd.c b/src/core/pass_fd.c index eae20206fd5..77431dbf293 100644 --- a/src/core/pass_fd.c +++ b/src/core/pass_fd.c @@ -35,6 +35,7 @@ #include <sys/socket.h> #include <sys/uio.h> #include <stdlib.h> /* for NULL definition on openbsd */ +#include <limits.h> #include <errno.h> #include <string.h> #ifdef NO_MSG_WAITALL @@ -289,9 +290,14 @@ int receive_fd(int unix_socket, void *data, int data_len, int *fd, int flags) /* blocking recv_all */ n = recv_all( unix_socket, (char *)data + ret, data_len - ret, MSG_WAITALL); - if(n >= 0) + if(n >= 0) { + if(ret >= INT_MAX - n) { + LM_ERR("int size overflowing: %d + %d\n", ret, n); + ret = -1; + goto error; + } ret += n; - else { + } else { ret = n; goto error; } _______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
