[PATCH] ei: check the length of the node name

Michael Santos michael.santos@REDACTED
Sun Oct 24 15:09:19 CEST 2010


Check the length of the node name to prevent an overflow.
---
 lib/erl_interface/src/epmd/epmd_publish.c   |    6 ++++++
 lib/erl_interface/src/epmd/epmd_unpublish.c |    5 +++++
 2 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/lib/erl_interface/src/epmd/epmd_publish.c b/lib/erl_interface/src/epmd/epmd_publish.c
index a9b8727..d45fe64 100644
--- a/lib/erl_interface/src/epmd/epmd_publish.c
+++ b/lib/erl_interface/src/epmd/epmd_publish.c
@@ -69,6 +69,12 @@ static int ei_epmd_r4_publish (int port, const char *alive, unsigned ms)
   int n;
   int res, creation;
   
+  if (len > sizeof(buf)-2)
+  {
+    erl_errno = ERANGE;
+    return -1;
+  }
+
   s = buf;
   put16be(s,len);
 
diff --git a/lib/erl_interface/src/epmd/epmd_unpublish.c b/lib/erl_interface/src/epmd/epmd_unpublish.c
index 08662fe..495cbab 100644
--- a/lib/erl_interface/src/epmd/epmd_unpublish.c
+++ b/lib/erl_interface/src/epmd/epmd_unpublish.c
@@ -59,6 +59,11 @@ int ei_unpublish_tmo(const char *alive, unsigned ms)
     int len = 1 + strlen(alive);
     int fd, res;
 
+    if (len > sizeof(buf)-3) {
+	erl_errno = ERANGE;
+	return -1;
+    }
+
     put16be(s,len);
     put8(s,EI_EPMD_STOP_REQ);
     strcpy(s, alive);
-- 
1.7.0.4



More information about the erlang-patches mailing list