[Xorp-cvs] XORP cvs commit: xorp/libxipc
Bruce Simpson
bms@icir.org
Sun, 12 Feb 2006 20:56:42 GMT
CVSROOT: /usr/local/www/data/cvs
Module name: xorp
Changes by: bms@xorpc.icir.org 2006-02-12 20:56:42 UTC
XORP CVS repository
Modified files:
libxipc finder_tcp.cc finder_tcp.hh
Log message:
Impose an XRL input buffer size limit of 64KiB on what is
advertised.

Previously the Finder server code would trust the value sent to
it by the remote XRL peer upon connection. This meant that the
Finder could easily be crashed by connecting to it with telnet
and sending random ASCII keystrokes.

These keystrokes would be interpreted as a 32-bit integer in network
byte order and then used to size the input buffer, causing a
memory allocation, creating the possibility of a std::bad_alloc
exception being thrown and not caught.

This fix is intended as a bandaid for a wider set of security
issues within XRL.
Bugzilla URL: http://www.xorp.org/bugzilla/show_bug.cgi?id=143
Reviewed by: atanu, pavlin
Revision Changes Path
1.28 +7 -5; commitid: 20cf43efa0387ea6; xorp/libxipc/finder_tcp.cc
1.17 +4 -1; commitid: 20cf43efa0387ea6; xorp/libxipc/finder_tcp.hh
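
The check described in the log message, as an added example that is not the XORP code from this commit: a 4-byte length in network byte order is decoded and refused before any allocation if it exceeds 64KiB. The names advertised_length, make_input_buffer and kMaxInputBytes are hypothetical, and treating exactly 64KiB as acceptable is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Cap taken from the log message (64KiB); the constant name is hypothetical.
constexpr uint32_t kMaxInputBytes = 64 * 1024;

// Decode the 32-bit, network-byte-order size a peer advertises on connect.
uint32_t advertised_length(const uint8_t hdr[4]) {
    return (uint32_t(hdr[0]) << 24) | (uint32_t(hdr[1]) << 16) |
           (uint32_t(hdr[2]) << 8)  |  uint32_t(hdr[3]);
}

// Size the input buffer only when the advertised value is within the cap.
// Returns false without allocating when it is not, so the caller can close
// the connection instead of risking an uncaught std::bad_alloc.
// Assumption: a value of exactly 64KiB is allowed.
bool make_input_buffer(const uint8_t hdr[4], std::vector<uint8_t>& buf) {
    const uint32_t n = advertised_length(hdr);
    if (n > kMaxInputBytes)
        return false;
    buf.assign(n, 0);
    return true;
}

int main() {
    // Constructed inputs: four typed ASCII characters, and a sane 4096-byte size.
    const uint8_t typed[4] = {'a', 'b', 'c', 'd'};
    const uint8_t sane[4]  = {0x00, 0x00, 0x10, 0x00};
    std::vector<uint8_t> buf;

    std::printf("\"abcd\" advertises %lu bytes -> %s\n",
                (unsigned long)advertised_length(typed),
                make_input_buffer(typed, buf) ? "accepted" : "rejected");
    std::printf("sane header advertises %lu bytes -> %s\n",
                (unsigned long)advertised_length(sane),
                make_input_buffer(sane, buf) ? "accepted" : "rejected");
    return 0;
}
```

Four keystrokes such as "abcd" decode to 0x61626364, a request for roughly 1.5 GiB, which is why an unchecked length was enough to bring the process down.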