summaryrefslogtreecommitdiff
path: root/lib9p/types.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib9p/types.c')
-rw-r--r--lib9p/types.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/lib9p/types.c b/lib9p/types.c
index baddab3..0343a48 100644
--- a/lib9p/types.c
+++ b/lib9p/types.c
@@ -311,7 +311,11 @@ static ALWAYS_INLINE bool _validate_size_host(struct _validate_ctx *ctx, size_t
}
static ALWAYS_INLINE bool _validate_list(struct _validate_ctx *ctx,
- size_t cnt, _validate_fn_t item_fn, size_t item_host_size) {
+ size_t cnt, size_t max,
+ _validate_fn_t item_fn, size_t item_host_size) {
+ if (max && cnt > max)
+ return lib9p_errorf(ctx->ctx, LINUX_EBADMSG, "list size is too large (%zu > %zu)",
+ cnt, max);
for (size_t i = 0; i < cnt; i++)
if (_validate_size_host(ctx, item_host_size) || item_fn(ctx))
return true;
@@ -460,12 +464,12 @@ static FLATTEN bool validate_Twalk(struct _validate_ctx *ctx) {
return validate_4(ctx)
|| validate_4(ctx)
|| validate_2(ctx)
- || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), validate_s, sizeof(struct lib9p_s));
+ || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), 16, validate_s, sizeof(struct lib9p_s));
}
static FLATTEN bool validate_Rwalk(struct _validate_ctx *ctx) {
return validate_2(ctx)
- || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), validate_qid, sizeof(struct lib9p_qid));
+ || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), 16, validate_qid, sizeof(struct lib9p_qid));
}
static FLATTEN bool validate_Topen(struct _validate_ctx *ctx) {
@@ -554,7 +558,7 @@ static FLATTEN bool validate_Rsession(struct _validate_ctx *UNUSED(ctx)) {
static FLATTEN bool validate_Tsread(struct _validate_ctx *ctx) {
return validate_4(ctx)
|| validate_2(ctx)
- || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), validate_s, sizeof(struct lib9p_s));
+ || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), 0, validate_s, sizeof(struct lib9p_s));
}
static FLATTEN bool validate_Rsread(struct _validate_ctx *ctx) {
@@ -564,7 +568,7 @@ static FLATTEN bool validate_Rsread(struct _validate_ctx *ctx) {
static FLATTEN bool validate_Tswrite(struct _validate_ctx *ctx) {
return validate_4(ctx)
|| validate_2(ctx)
- || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), validate_s, sizeof(struct lib9p_s))
+ || _validate_list(ctx, decode_u16le(&ctx->net_bytes[ctx->net_offset-2]), 0, validate_s, sizeof(struct lib9p_s))
|| validate_d(ctx);
}
generated by cgit v1.2.3-2-g168b (git 2.25.1) at 2024-11-21 18:39:14 +0000