lib: fix coverity CID 1574979

author Christian Hopps <chopps@labn.net>

Sat, 30 Dec 2023 14:48:15 +0000 (14:48 +0000)

committer Christian Hopps <chopps@labn.net>

Sat, 30 Dec 2023 16:03:45 +0000 (16:03 +0000)
author Christian Hopps <chopps@labn.net>
Sat, 30 Dec 2023 14:48:15 +0000 (14:48 +0000)
committer Christian Hopps <chopps@labn.net>
Sat, 30 Dec 2023 16:03:45 +0000 (16:03 +0000)
diff --git a/lib/mgmt_msg.c b/lib/mgmt_msg.c

index b03dbe8cc3e24d670ab04cb19aec17ac9de62b6c..23cfbc3b0158f13d3a2a46541abfbe79d3c7b650 100644 (file)
--- a/lib/mgmt_msg.c
+++ b/lib/mgmt_msg.c
@@ -111,6 +111,11 @@ enum mgmt_msg_rsched mgmt_msg_read(struct mgmt_msg_state *ms, int fd,
                          * therefor the stream is too small to fit the message..
                          * Resize the stream to fit.
                          */
+                       if (mhdr->len > MGMT_MSG_MAX_MSG_ALLOC_LEN) {
+                               MGMT_MSG_ERR(ms, "corrupt msg len rcvd %u",
+                                            mhdr->len);
+                               return MSR_DISCONNECT;
+                       }
                         news = stream_new(mhdr->len);
                         stream_put(news, mhdr, left);
                         stream_set_endp(news, left);
diff --git a/lib/mgmt_msg.h b/lib/mgmt_msg.h

index 3195d4a7fb07cb7500261f5e623db1e19ec5f95f..6bdc9a6cfc3a11c047c6b80ec1981280706bf0fa 100644 (file)
--- a/lib/mgmt_msg.h
+++ b/lib/mgmt_msg.h
@@ -24,6 +24,8 @@ DECLARE_MTYPE(MSG_CONN);
  #define MGMT_MSG_VERSION_PROTOBUF 0
  #define MGMT_MSG_VERSION_NATIVE 1
  
+/* The absolute maximum message size (16MB) */
+#define MGMT_MSG_MAX_MSG_ALLOC_LEN (16 * 1024 * 1024)
  
  struct mgmt_msg_state {
         struct stream *ins;
author	Christian Hopps <chopps@labn.net>
	Sat, 30 Dec 2023 14:48:15 +0000 (14:48 +0000)
committer	Christian Hopps <chopps@labn.net>
	Sat, 30 Dec 2023 16:03:45 +0000 (16:03 +0000)
lib/mgmt_msg.c		patch \| blob \| history
lib/mgmt_msg.h		patch \| blob \| history