diff options
| -rw-r--r-- | lib/ppsocket.cc | 2 | ||||
| -rw-r--r-- | ncpd/socketchan.cc | 7 | 
2 files changed, 9 insertions, 0 deletions
| diff --git a/lib/ppsocket.cc b/lib/ppsocket.cc index 0053436..8940148 100644 --- a/lib/ppsocket.cc +++ b/lib/ppsocket.cc @@ -297,6 +297,8 @@ getBufferStore(bufferStore & a, bool wait)  	return -1;      }      l = ntohl(l); +    if (l > 16384) +	    return -1;      bp = buff = new unsigned char[l];      while (l > 0) {  	int j = recv(bp, l, MSG_NOSIGNAL); diff --git a/ncpd/socketchan.cc b/ncpd/socketchan.cc index 407464a..371befd 100644 --- a/ncpd/socketchan.cc +++ b/ncpd/socketchan.cc @@ -207,6 +207,13 @@ socketPoll()  		//  		// All commands begin with "NCP$". +		if (memchr(a.getString(), 0, a.getLen()) == 0) { +			// Not 0 terminated, -> invalid +			cerr << "ncpd: command " << a << " unrecognized." +			     << endl; +			return; +		} +  		// There is a magic process name called "NCP$INFO.*"  		// which is announced by the rfsvfactory. This causes a  		// response to be issued containing the NCP version | 
