Add field validation to PCP instance PDU decoding
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
commitbabd6c5c527f87ec838c13a1b4eba612af6ea27c
tree7df6692db8cd4a74bc6c407fa656d8d02e3ce098
parentbfb3ab8c6b3d75b1a6580feee76a7d0925a3633c
Add field validation to PCP instance PDU decoding

__pmDecodeInstance does not check the numinst and namelen values against
the length of the PDU.  As a result, an application which decodes crafted
PDU_INSTANCE packets can crash.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841284.

Security advisory CVE-2012-3418.
src/libpcp/src/p_instance.c