diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-03-14 09:21:30 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2015-04-22 21:03:45 -0700 |
commit | 83a84815d20d57d86d07ed4499011f4d257091e4 (patch) | |
tree | 78c53c9ae821459ad2f26551239709d547f56198 | |
parent | 2ca9bc019d024664fa0b156dc35eefeba2a2f576 (diff) |
Ensure lbxMaxServers stays within a reasonable range
Avoid opportunity for integer overflow when allocating servers array.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
-rw-r--r-- | di/utils.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -392,7 +392,11 @@ proxyProcessArgument(int argc, char **argv, int i) if (strcmp (argv[i], "-maxservers") == 0) { if (++i < argc) + { lbxMaxServers = atoi(argv[i]); + if (lbxMaxServers <= 0 || lbxMaxServers > 1024) + FatalError("out of range value for -maxservers"); + } else ShowHelpAndExit (1); return 2; @@ -449,6 +453,8 @@ ProcessCommandLine(int argc, char *argv[]) */ if ((env = getenv ("LBXPROXY_MAXSERVERS"))) lbxMaxServers = atoi (env); + if (lbxMaxServers <= 0 || lbxMaxServers > 1024) + FatalError("out of range value for LBXPROXY_MAXSERVERS"); for ( i = 1; i < argc; i++ ) { |