mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-11-05 17:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

netconn_write_vectors_partly() watch out for overflow of data to send (must fit into INT_MAX for sockets)

Browse Source
This commit is contained in:
goldsimon 2017-03-07 21:30:03 +01:00
parent 4dd378b126
commit 270fdfff07
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/api/api_lib.c
View File

@ -877,13 +877,6 @@ netconn_write_vectors_partly(struct netconn *conn, struct netvector *vectors, u1
LWIP_ERROR("netconn_write: invalid conn", (conn != NULL), return ERR_ARG;);
LWIP_ERROR("netconn_write: invalid conn->type", (NETCONNTYPE_GROUP(conn->type)== NETCONN_TCP), return ERR_VAL;);
size = 0;
for (i = 0; i < vectorcnt; i++) {
size += vectors[i].len;
}
if (size == 0) {
return ERR_OK;
}
dontblock = netconn_is_nonblocking(conn) || (apiflags & NETCONN_DONTBLOCK);
#if LWIP_SO_SNDTIMEO
if (conn->send_timeout != 0) {
@ -896,6 +889,22 @@ netconn_write_vectors_partly(struct netconn *conn, struct netvector *vectors, u1
return ERR_VAL;
}
/* sum up the total size */
size = 0;
for (i = 0; i < vectorcnt; i++) {
size += vectors[i].len;
if (size < vectors[i].len) {
/* overflow */
return ERR_VAL;
}
}
if (size == 0) {
return ERR_OK;
} else if (size > INT_MAX) {
/* this is required by the socket layer (cannot send full size_t range) */
return ERR_VAL;
}
API_MSG_VAR_ALLOC(msg);
/* non-blocking write sends as much */
API_MSG_VAR_REF(msg).conn = conn;