authorAlan Coopersmith <alan.coopersmith@oracle.com>2015-03-14 09:21:30 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2015-04-22 21:03:45 -0700
commit83a84815d20d57d86d07ed4499011f4d257091e4 (patch)
tree78c53c9ae821459ad2f26551239709d547f56198
parent2ca9bc019d024664fa0b156dc35eefeba2a2f576 (diff)
Ensure lbxMaxServers stays within a reasonable range
Avoid opportunity for integer overflow when allocating servers array. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Kenneth Graunke <kenneth@whitecape.org>
-rw-r--r--di/utils.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/di/utils.c b/di/utils.c
index 7f7aa46..752d913 100644
--- a/di/utils.c
+++ b/di/utils.c
@@ -392,7 +392,11 @@ proxyProcessArgument(int argc, char **argv, int i)
if (strcmp (argv[i], "-maxservers") == 0)
{
if (++i < argc)
+ {
lbxMaxServers = atoi(argv[i]);
+ if (lbxMaxServers <= 0 || lbxMaxServers > 1024)
+ FatalError("out of range value for -maxservers");
+ }
else
ShowHelpAndExit (1);
return 2;
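Review bot: The new check `if (lbxMaxServers <= 0 || lbxMaxServers > 1024)` only sees what `atoi()` returns, and `atoi()` reports no errors: its behavior is undefined when the text does not fit in an int, and on common libc implementations a very large number can truncate to a value inside 1..1024 and pass the check. Trailing garbage (a constructed example: `12abc`) is also silently accepted as 12. The same applies to the `atoi (env)` call in the ProcessCommandLine hunk. Parsing with `strtol()` and checking `errno`, the end pointer and the range on the `long` before narrowing closes this; it needs `<errno.h>` if the file does not already include it, and assumes lbxMaxServers is an int. proxyProcessArgument's body starts and ends outside the hunk.

```c
if (++i < argc)
{
    char *end;
    long val;

    errno = 0;
    val = strtol(argv[i], &end, 10);
    /* reject empty input, trailing characters, overflow and out-of-range counts */
    if (errno != 0 || end == argv[i] || *end != '\0' ||
        val <= 0 || val > 1024)
        FatalError("out of range value for -maxservers");
    lbxMaxServers = (int) val;
}
/* … unchanged: else ShowHelpAndExit (1); return 2; … */
```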
@@ -449,6 +453,8 @@ ProcessCommandLine(int argc, char *argv[])
*/
if ((env = getenv ("LBXPROXY_MAXSERVERS")))
lbxMaxServers = atoi (env);
+ if (lbxMaxServers <= 0 || lbxMaxServers > 1024)
+ FatalError("out of range value for LBXPROXY_MAXSERVERS");
for ( i = 1; i < argc; i++ )
{
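Review bot: The added check after `lbxMaxServers = atoi (env);` is not part of the `if ((env = getenv ("LBXPROXY_MAXSERVERS")))` body, because no braces were added, so it also runs when the variable is unset and would then blame LBXPROXY_MAXSERVERS for whatever value lbxMaxServers already held. If validating the pre-existing value is intended, a comment such as `/* also validates the built-in default when the variable is unset */` would make that explicit; otherwise brace the assignment and the check together. The limit 1024 is repeated here and in proxyProcessArgument, so a shared named constant (for example `#define LBX_MAXSERVERS_LIMIT 1024`) would keep the two checks in step. ProcessCommandLine's body starts and ends outside the hunk.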