Fix broken size checks in various input plugins (ref. CVE-2008-5239).

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-02-10 17:17:50 +0000
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-02-10 17:17:50 +0000
commit: a0b9021d54dc9890da5f0c9bd26361db4556f6c2 (patch)
tree: 980f00f5a31e15e5ef3eeb400d5883b6b1d2643b /src/input/input_smb.c
parent: 2afab9c8441685d1ec8f6ef5c9f8c4a163533dfa (diff)
download: xine-lib-a0b9021d54dc9890da5f0c9bd26361db4556f6c2.tar.gz
xine-lib-a0b9021d54dc9890da5f0c9bd26361db4556f6c2.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/src/input/input_smb.c b/src/input/input_smb.c
index 4d7e9a94a..e49eaa889 100644
--- a/src/input/input_smb.c
+++ b/src/input/input_smb.c
@@ -91,7 +91,9 @@ smb_plugin_read_block (input_plugin_t *this_gen, fifo_buffer_t *fifo,
 	off_t total_bytes;
 	buf_element_t *buf = fifo->buffer_pool_alloc (fifo);
 
-	if (todo < 0 || todo > buf->size) {
+	if (todo > buf->max_size)
+	  todo = buf->max_size;
+	if (todo < 0) {
 		buf->free_buffer (buf);
 		return NULL;
 	}
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2009-02-10 17:17:50 +0000
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2009-02-10 17:17:50 +0000
commit	a0b9021d54dc9890da5f0c9bd26361db4556f6c2 (patch)
tree	980f00f5a31e15e5ef3eeb400d5883b6b1d2643b /src/input/input_smb.c
parent	2afab9c8441685d1ec8f6ef5c9f8c4a163533dfa (diff)
download	xine-lib-a0b9021d54dc9890da5f0c9bd26361db4556f6c2.tar.gz xine-lib-a0b9021d54dc9890da5f0c9bd26361db4556f6c2.tar.bz2