mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-13 08:29:32 -05:00
patch from HM to avoid allocating absurdly long uids
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6958 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
22f41b8e16
commit
2c19810e37
@ -1296,15 +1296,26 @@ static int parse_user_id(ops_region_t *region,ops_parse_info_t *pinfo)
|
|||||||
|
|
||||||
if(!(region->length_read == 0)) // ASSERT(region->length_read == 0) /* We should not have read anything so far */
|
if(!(region->length_read == 0)) // ASSERT(region->length_read == 0) /* We should not have read anything so far */
|
||||||
{
|
{
|
||||||
fprintf(stderr,"parse_user_id: region read size should be 0. Corrupted data ?") ;
|
fprintf(stderr,"parse_user_id: region read size should be 0. Corrupted data ?\n") ;
|
||||||
return 0 ;
|
return 0 ;
|
||||||
}
|
}
|
||||||
|
|
||||||
C.user_id.user_id=malloc(region->length+1); /* XXX should we not like check malloc's return value? */
|
/* From gnupg parse-packet.c:
|
||||||
|
Cap the size of a user ID at 2k: a value absurdly large enough
|
||||||
|
that there is no sane user ID string (which is printable text
|
||||||
|
as of RFC2440bis) that won't fit in it, but yet small enough to
|
||||||
|
avoid allocation problems. */
|
||||||
|
|
||||||
|
if(region->length > 2048)
|
||||||
|
{
|
||||||
|
fprintf(stderr,"parse_user_id(): invalid region length (%u)\n",region->length);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
C.user_id.user_id=malloc(region->length +1); /* XXX should we not like check malloc's return value? */
|
||||||
|
|
||||||
if(C.user_id.user_id==NULL)
|
if(C.user_id.user_id==NULL)
|
||||||
{
|
{
|
||||||
fprintf(stderr,"malloc failed in parse_user_id") ;
|
fprintf(stderr,"malloc failed in parse_user_id\n") ;
|
||||||
return 0 ;
|
return 0 ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user