From f90339528b5f72aabf0008b83ff25bd6b78d05a0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 23 May 2007 16:29:18 +0000
Subject: Fix another DoS vulnerability, also identified Luigi Auriemma (closes
 #67)

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1446 fefdeb5f-60dc-0310-8127-8f9354f1896f
---
 src/pulsecore/pstream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/pulsecore/pstream.c')

diff --git a/src/pulsecore/pstream.c b/src/pulsecore/pstream.c
index dbee7763..897e4295 100644
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@@ -662,7 +662,7 @@ static int do_read(pa_pstream *p) {
 
         length = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]);
 
-        if (length > FRAME_SIZE_MAX_ALLOW) {
+        if (length > FRAME_SIZE_MAX_ALLOW || length <= 0) {
             pa_log_warn("Recieved invalid frame size : %lu", (unsigned long) length);
             return -1;
         }
-- 
cgit