diff options
| author |   sunil <sunil@openbsd.org> | 2016-02-02 05:45:27 +0000 |
|---|---|---|
| committer | sunil <sunil@openbsd.org> | 2016-02-02 05:45:27 +0000 |
| commit | bc1ed85bdd237f8a83acbf30caf601beab3c01d6 (patch) | |
| tree | 1c980af647c6946fa50146147b14c62ece11fd60 | |
| parent | remove uneeded break statements (diff) | |
| download | wireguard-openbsd-bc1ed85bdd237f8a83acbf30caf601beab3c01d6.tar.xz wireguard-openbsd-bc1ed85bdd237f8a83acbf30caf601beab3c01d6.zip | |
Check imsg data size before use.
Ok eric@ millert@
| -rw-r--r-- | usr.sbin/smtpd/control.c | 8 | ||||
| -rw-r--r-- | usr.sbin/smtpd/mda.c | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/control.c b/usr.sbin/smtpd/control.c index a34becfdc2a..fafbe90aa47 100644 --- a/usr.sbin/smtpd/control.c +++ b/usr.sbin/smtpd/control.c @@ -1,4 +1,4 @@ -/* $OpenBSD: control.c,v 1.109 2015/12/28 22:08:30 jung Exp $ */ +/* $OpenBSD: control.c,v 1.110 2016/02/02 05:45:27 sunil Exp $ */ /* * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> @@ -150,6 +150,8 @@ control_imsg(struct mproc *p, struct imsg *imsg) m_get_string(&m, &key); m_get_data(&m, &data, &sz); m_end(&m); + if (sz != sizeof(val)) + fatalx("control: IMSG_STAT_INCREMENT size mismatch"); memmove(&val, data, sz); if (stat_backend) stat_backend->increment(key, val.u.counter); @@ -160,6 +162,8 @@ control_imsg(struct mproc *p, struct imsg *imsg) m_get_string(&m, &key); m_get_data(&m, &data, &sz); m_end(&m); + if (sz != sizeof(val)) + fatalx("control: IMSG_STAT_DECREMENT size mismatch"); memmove(&val, data, sz); if (stat_backend) stat_backend->decrement(key, val.u.counter); @@ -170,6 +174,8 @@ control_imsg(struct mproc *p, struct imsg *imsg) m_get_string(&m, &key); m_get_data(&m, &data, &sz); m_end(&m); + if (sz != sizeof(val)) + fatalx("control: IMSG_STAT_SET size mismatch"); memmove(&val, data, sz); if (stat_backend) stat_backend->set(key, &val); diff --git a/usr.sbin/smtpd/mda.c b/usr.sbin/smtpd/mda.c index 5d5f9b573ab..c99d1404a35 100644 --- a/usr.sbin/smtpd/mda.c +++ b/usr.sbin/smtpd/mda.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mda.c,v 1.116 2016/01/08 19:31:29 chrisz Exp $ */ +/* $OpenBSD: mda.c,v 1.117 2016/02/02 05:45:27 sunil Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -149,6 +149,8 @@ mda_imsg(struct mproc *p, struct imsg *imsg) "Permanent failure in user lookup", ESC_DESTINATION_MAILBOX_HAS_MOVED); else { + if (sz != sizeof(u->userinfo)) + fatalx("mda: userinfo size mismatch"); memmove(&u->userinfo, data, sz); u->flags &= ~USER_WAITINFO; u->flags |= USER_RUNNABLE; |