[Freeciv-Dev] (PR#15762) packets security fix
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=15762 >
As reported by Luigi Auriemma <aluigi@xxxxxxxxxxxxx>, aka BYEZ, these
patches should fix a minor security hole allowing a freeciv server to be
crashed by a malicious client.
-jason
Index: common/packets.c
===================================================================
--- common/packets.c (revision 11709)
+++ common/packets.c (working copy)
@@ -362,13 +362,13 @@
}
#endif
- if (whole_packet_len > pc->buffer->ndata) {
+ if ((unsigned)whole_packet_len > pc->buffer->ndata) {
return NULL; /* not all data has been read */
}
#ifdef USE_COMPRESSION
if (compressed_packet) {
- int compressed_size = whole_packet_len - header_size;
+ uLong compressed_size = whole_packet_len - header_size;
/*
* We don't know the decompressed size. We assume a bad case
* here: an expansion by an factor of 100.
Index: common/packets.c
===================================================================
--- common/packets.c (revision 11709)
+++ common/packets.c (working copy)
@@ -348,13 +348,13 @@
}
#endif
- if (whole_packet_len > pc->buffer->ndata) {
+ if ((unsigned)whole_packet_len > pc->buffer->ndata) {
return NULL; /* not all data has been read */
}
#ifdef USE_COMPRESSION
if (compressed_packet) {
- int compressed_size = whole_packet_len - header_size;
+ uLong compressed_size = whole_packet_len - header_size;
/*
* We don't know the decompressed size. We assume a bad case
* here: an expansion by an factor of 100.
@@ -406,7 +406,7 @@
buffer->ndata += decompressed_size;
- freelog(COMPRESS_LOG_LEVEL, "COMPRESS: decompressed %d into %ld",
+ freelog(COMPRESS_LOG_LEVEL, "COMPRESS: decompressed %ld into %ld",
compressed_size, decompressed_size);
return get_packet_from_connection(pc, ptype, presult);
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Freeciv-Dev] (PR#15762) packets security fix,
Jason Short <=
|
|
