diff options
| -rw-r--r-- | lib/ppsocket.cc | 2 | ||||
| -rw-r--r-- | ncpd/socketchan.cc | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/lib/ppsocket.cc b/lib/ppsocket.cc index 0053436..8940148 100644 --- a/lib/ppsocket.cc +++ b/lib/ppsocket.cc @@ -297,6 +297,8 @@ getBufferStore(bufferStore & a, bool wait) return -1; } l = ntohl(l); + if (l > 16384) + return -1; bp = buff = new unsigned char[l]; while (l > 0) { int j = recv(bp, l, MSG_NOSIGNAL); diff --git a/ncpd/socketchan.cc b/ncpd/socketchan.cc index 407464a..371befd 100644 --- a/ncpd/socketchan.cc +++ b/ncpd/socketchan.cc @@ -207,6 +207,13 @@ socketPoll() // // All commands begin with "NCP$". + if (memchr(a.getString(), 0, a.getLen()) == 0) { + // Not 0 terminated, -> invalid + cerr << "ncpd: command " << a << " unrecognized." + << endl; + return; + } + // There is a magic process name called "NCP$INFO.*" // which is announced by the rfsvfactory. This causes a // response to be issued containing the NCP version |