summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmar Tumballi <amarts@redhat.com>2018-07-24 13:25:12 +0530
committerjiffin tony Thottan <jthottan@redhat.com>2018-09-06 15:53:56 +0000
commite1461a27e98980dde85c1a506eef514d8cefda4b (patch)
treebd24562c3e16a196c241ecc81394ed7e4f7e6106
parent846ab3c294ff1926e28f367352314789aacc0459 (diff)
dict: handle negative key/value length while unserialize
Change-Id: Ie56df0da46c242846a1ba51ccb9e011af118b119 BUG: 1625656 Signed-off-by: Amar Tumballi <amarts@redhat.com>
-rw-r--r--libglusterfs/src/dict.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
index 6c3fc16..03a220a 100644
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@@ -2813,7 +2813,8 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
vallen = ntoh32 (hostord);
buf += DICT_DATA_HDR_VAL_LEN;
- if ((buf + keylen) > (orig_buf + size)) {
+ if ((keylen < 0) || (vallen < 0) ||
+ (buf + keylen) > (orig_buf + size)) {
gf_msg_callingfn ("dict", GF_LOG_ERROR, 0,
LG_MSG_UNDERSIZED_BUF,
"undersized buffer passed. "