]> code.delx.au - pulseaudio/commitdiff
delx.au / code / pulseaudio / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c3b5de7)
Fix yet another DoS vulnerability, also identified Luigi Auriemma (re #67)
authorLennart Poettering <lennart@poettering.net>
Wed, 23 May 2007 16:42:26 +0000 (16:42 +0000)
committerLennart Poettering <lennart@poettering.net>
Wed, 23 May 2007 16:42:26 +0000 (16:42 +0000)
git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1448 fefdeb5f-60dc-0310-8127-8f9354f1896f

src/pulsecore/protocol-native.c patch | blob | history

diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index 4e861f85cf1b30ff3b505a815a5441c504a49996..774f69188e889428215060e29be5e2afe510f006 100644 (file)
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -763,7 +763,8 @@ static void command_create_playback_stream(PA_GCC_UNUSED pa_pdispatch *pd, PA_GC
     CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, map.channels == ss.channels && volume.channels == ss.channels, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <= MAX_MEMBLOCKQ_LENGTH, tag, PA_ERR_INVALID);
-
+    CHECK_VALIDITY(c->pstream, maxlength >= pa_frame_size(&ss), tag, PA_ERR_INVALID);
+    
     if (sink_index != PA_INVALID_INDEX) {
         sink = pa_idxset_get_by_index(c->protocol->core->sinks, sink_index);
         CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY);