ref: c066047cbc6404e1b7c1515eb2df9081e55f5662
parent: 4b3e8958d8ebcdc53bf6deaa9cc927b6e1fceccf
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sun Sep 15 23:56:53 EDT 2013
libauth: add sanity check for auth_proxy write size
--- a/sys/src/libauth/auth_proxy.c
+++ b/sys/src/libauth/auth_proxy.c
@@ -157,9 +157,10 @@
n = 0;
memset(buf, 0, AuthRpcMax);
while((ret = dorpc(rpc, "write", buf, n, getkey)) == ARtoosmall){- if(atoi(rpc->arg) > AuthRpcMax)
+ m = atoi(rpc->arg);
+ if(m <= n || m > AuthRpcMax)
break;
- m = read(fd, buf + n, atoi(rpc->arg) - n);
+ m = read(fd, buf + n, m - n);
if(m <= 0){if(m == 0)
werrstr("auth_proxy short read: %s",--
⑨