Add validity checking to TXT data parsing, this fixes a remotely exploitable vulnerability.

git-svn-id: file:///home/lennart/svn/public/avahi/trunk@888 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
author: Lennart Poettering <lennart@poettering.net> 2005-10-27 14:30:46 +0000
committer: Lennart Poettering <lennart@poettering.net> 2005-10-27 14:30:46 +0000
commit: 20011324500a728851e4888c890a756ecf71394b (patch)
tree: 9dc37356855fa1b1c009aa978158fac9c85f2d16 /avahi-compat-howl/text.c
parent: cf5ee4f9a5c3625a3d13b92603d1035f976228b0 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/avahi-compat-howl/text.c b/avahi-compat-howl/text.c
index fb05acf..3b717be 100644
--- a/avahi-compat-howl/text.c
+++ b/avahi-compat-howl/text.c
@@ -194,6 +194,7 @@ sw_result sw_text_record_iterator_init(
     sw_octets text_record,
     sw_uint32 text_record_len) {
 
+    AvahiStringList *txt;
     assert(self);
 
     AVAHI_WARN_LINKAGE;
@@ -203,7 +204,13 @@ sw_result sw_text_record_iterator_init(
         return SW_E_UNKNOWN;
     }
 
-    (*self)->index = (*self)->strlst = avahi_string_list_reverse(avahi_string_list_parse(text_record, text_record_len));
+    if (avahi_string_list_parse(text_record, text_record_len, &txt) < 0) {
+        avahi_free(*self);
+        *self = NULL;
+        return SW_E_UNKNOWN;
+    }
+
+    (*self)->index = (*self)->strlst = avahi_string_list_reverse(txt);
     
     return SW_OKAY;
 }
author	Lennart Poettering <lennart@poettering.net>	2005-10-27 14:30:46 +0000
committer	Lennart Poettering <lennart@poettering.net>	2005-10-27 14:30:46 +0000
commit	20011324500a728851e4888c890a756ecf71394b (patch)
tree	9dc37356855fa1b1c009aa978158fac9c85f2d16 /avahi-compat-howl/text.c
parent	cf5ee4f9a5c3625a3d13b92603d1035f976228b0 (diff)