From fbf7977853ad90a38819cc13b8d1f295442cf0a4 Mon Sep 17 00:00:00 2001 From: Rolf Ahrenberg Date: Thu, 26 Mar 2015 00:23:55 +0200 Subject: [PATCH] Added a memory guard for cSatipMemoryBuffer(). --- common.h | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/common.h b/common.h index e84884c..ac9ea20 100644 --- a/common.h +++ b/common.h @@ -86,7 +86,10 @@ class cSatipMemoryBuffer { private: - char *dataM; + enum { + eMaxDataSize = MEGABYTE(2) + }; + char *dataM; size_t sizeM; void *AllocBuffer(void *ptrP, size_t sizeP) { @@ -105,15 +108,20 @@ public: size_t Add(char *dataP, size_t sizeP) { if (sizeP > 0) { - dataM = (char *)AllocBuffer(dataM, sizeM + sizeP + 1); - if (dataM) { - memcpy(&(dataM[sizeM]), dataP, sizeP); - sizeM += sizeP; - dataM[sizeM] = 0; - return sizeP; - } - else - esyslog("[%s,%d]: Failed to allocate memory", __FILE__, __LINE__); + size_t len = sizeM + sizeP + 1; + if (len < eMaxDataSize) { + dataM = (char *)AllocBuffer(dataM, len); + if (dataM) { + memcpy(&(dataM[sizeM]), dataP, sizeP); + sizeM += sizeP; + dataM[sizeM] = 0; + return sizeP; + } + else + esyslog("[%s,%d]: Failed to allocate memory", __FILE__, __LINE__); + } + else + esyslog("[%s,%d]: Buffer overflow", __FILE__, __LINE__); } return 0; };