Module Name: src
Committed By: christos
Date: Wed Feb 3 05:34:21 UTC 2016
Modified Files:
src/usr.sbin/syslogd: tls.c
Log Message:
PR/50751: David Binderman: check bounds before dereferencing.
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/usr.sbin/syslogd/tls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/syslogd/tls.c
diff -u src/usr.sbin/syslogd/tls.c:1.11 src/usr.sbin/syslogd/tls.c:1.12
--- src/usr.sbin/syslogd/tls.c:1.11 Mon May 27 19:15:51 2013
+++ src/usr.sbin/syslogd/tls.c Wed Feb 3 00:34:21 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: tls.c,v 1.11 2013/05/27 23:15:51 christos Exp $ */
+/* $NetBSD: tls.c,v 1.12 2016/02/03 05:34:21 christos Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: tls.c,v 1.11 2013/05/27 23:15:51 christos Exp $");
+__RCSID("$NetBSD: tls.c,v 1.12 2016/02/03 05:34:21 christos Exp $");
#ifndef DISABLE_TLS
#include "syslogd.h"
@@ -1590,8 +1590,8 @@ tls_split_messages(struct TLS_Incoming_C
}
/* read length prefix, always at start of buffer */
- while (isdigit((unsigned char)c->inbuf[offset])
- && offset < c->read_pos) {
+ while (offset < c->read_pos && isdigit((unsigned char)c->inbuf[offset]))
+ {
msglen *= 10;
msglen += c->inbuf[offset] - '0';
offset++;
