From 55a46d88ddc1c5733deaabc9a5a9e53c314fbddc Mon Sep 17 00:00:00 2001 From: ratchov Date: Thu, 1 Aug 2024 14:36:27 +0000 Subject: [PATCH] sndiod: Fix insufficent check of input from clients Fixes possible sndiod(8) crashes caused by a global table overread triggered by the client. Found and analysed by Henry Ford , thanks! ok blumh, help from millert, mlarkin --- usr.bin/sndiod/sock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr.bin/sndiod/sock.c b/usr.bin/sndiod/sock.c index 86a78cb67e8..969ea9f0f2d 100644 --- a/usr.bin/sndiod/sock.c +++ b/usr.bin/sndiod/sock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sock.c,v 1.49 2024/05/24 15:16:09 ratchov Exp $ */ +/* $OpenBSD: sock.c,v 1.50 2024/08/01 14:36:27 ratchov Exp $ */ /* * Copyright (c) 2008-2012 Alexandre Ratchov * @@ -986,7 +986,7 @@ sock_execmsg(struct sock *f) struct slot *s = f->slot; struct amsg *m = &f->rmsg; unsigned char *data; - int size, ctl; + unsigned int size, ctl; int cmd; cmd = ntohl(m->cmd); @@ -1020,7 +1020,7 @@ sock_execmsg(struct sock *f) return 0; } size = ntohl(m->u.data.size); - if (size <= 0) { + if (size == 0) { #ifdef DEBUG if (log_level >= 1) { sock_log(f); -- 2.20.1