From cf925b10e157c0ae87ff876dd8047586226afa87 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 23 May 2007 16:42:26 +0000
Subject: Fix yet another DoS vulnerability, also identified Luigi Auriemma (re #67)

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1448 fefdeb5f-60dc-0310-8127-8f9354f1896f
---
 src/pulsecore/protocol-native.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/pulsecore/protocol-native.c')
diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index 4e861f85..774f6918 100644
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -763,7 +763,8 @@ static void command_create_playback_stream(PA_GCC_UNUSED pa_pdispatch *pd, PA_GC
 CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID);
 CHECK_VALIDITY(c->pstream, map.channels == ss.channels && volume.channels == ss.channels, tag, PA_ERR_INVALID);
 CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <= MAX_MEMBLOCKQ_LENGTH, tag, PA_ERR_INVALID);
-
+ CHECK_VALIDITY(c->pstream, maxlength >= pa_frame_size(&ss), tag, PA_ERR_INVALID);
+
 if (sink_index != PA_INVALID_INDEX) {
 sink = pa_idxset_get_by_index(c->protocol->core->sinks, sink_index);
 CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY);
-- 
cgit
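Review bot: The added `maxlength >= pa_frame_size(&ss)` check has no comment saying why a queue shorter than one frame is refused, so a later cleanup could mistake it for a duplicate of the bounds check just above it. A one-line comment such as `/* refuse a client-supplied maxlength smaller than one frame of ss */` would record the intent. For a valid sample spec the new lower bound also makes the `maxlength > 0` half of the preceding check redundant, so the two could be merged into `maxlength >= pa_frame_size(&ss) && maxlength <= MAX_MEMBLOCKQ_LENGTH`. The call to `pa_frame_size()` on client-controlled `ss` relies on `ss` having been validated earlier; the function body starts above the hunk, so that should be confirmed there. If other stream-creation handlers in this file take a client-supplied `maxlength`, they probably need the same lower bound, which is not visible from this hunk.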