|
|
62fb3e |
From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001
|
|
|
62fb3e |
From: "Bruce A. Mah" <bmah@es.net>
|
|
|
62fb3e |
Date: Fri, 7 Jul 2023 11:03:43 -0700
|
|
|
62fb3e |
Subject: [PATCH] Fix memory allocation hazard (#1542).
|
|
|
62fb3e |
|
|
|
62fb3e |
Reported by: @someusername123 on GitHub
|
|
|
62fb3e |
---
|
|
|
62fb3e |
src/iperf_api.c | 9 ++++++++-
|
|
|
62fb3e |
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
62fb3e |
|
|
|
62fb3e |
diff --git a/src/iperf_api.c b/src/iperf_api.c
|
|
|
62fb3e |
index f2d416214..a95e02418 100644
|
|
|
62fb3e |
--- a/src/iperf_api.c
|
|
|
62fb3e |
+++ b/src/iperf_api.c
|
|
|
62fb3e |
@@ -2670,6 +2670,7 @@ static cJSON *
|
|
|
62fb3e |
JSON_read(int fd)
|
|
|
62fb3e |
{
|
|
|
62fb3e |
uint32_t hsize, nsize;
|
|
|
62fb3e |
+ size_t strsize;
|
|
|
62fb3e |
char *str;
|
|
|
62fb3e |
cJSON *json = NULL;
|
|
|
62fb3e |
int rc;
|
|
|
62fb3e |
@@ -2682,7 +2683,9 @@ JSON_read(int fd)
|
|
|
62fb3e |
if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
|
|
|
62fb3e |
hsize = ntohl(nsize);
|
|
|
62fb3e |
/* Allocate a buffer to hold the JSON */
|
|
|
62fb3e |
- str = (char *) calloc(sizeof(char), hsize+1); /* +1 for trailing null */
|
|
|
62fb3e |
+ strsize = hsize + 1; /* +1 for trailing NULL */
|
|
|
62fb3e |
+ if (strsize) {
|
|
|
62fb3e |
+ str = (char *) calloc(sizeof(char), strsize);
|
|
|
62fb3e |
if (str != NULL) {
|
|
|
62fb3e |
rc = Nread(fd, str, hsize, Ptcp);
|
|
|
62fb3e |
if (rc >= 0) {
|
|
|
62fb3e |
@@ -2701,6 +2704,10 @@ JSON_read(int fd)
|
|
|
62fb3e |
}
|
|
|
62fb3e |
}
|
|
|
62fb3e |
free(str);
|
|
|
62fb3e |
+ }
|
|
|
62fb3e |
+ else {
|
|
|
62fb3e |
+ printf("WARNING: Data length overflow\n");
|
|
|
62fb3e |
+ }
|
|
|
62fb3e |
}
|
|
|
62fb3e |
return json;
|
|
|
62fb3e |
}
|
|
|
62fb3e |
|