Add missing check againt PDU size in __pmDecodeIDList routine
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
commitb441980d53be1835b25f0cd6bcc0062da82032dd
tree792380c2a46226cabf38effb00e90debd8ea1117
parentf0eaefe046b1061797f45b0c20bb2ac371b504a5
Add missing check againt PDU size in __pmDecodeIDList routine

__pmDecodeIDList did not check that the incoming PDU actually contains
room for numids elements.  This could result in a client crash (read
buffer overflow, not exploitable for code execution) should a server
send too few IDs.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841112.

Security advisory CVE-2012-3418.
src/libpcp/src/p_pmns.c