Changeset 5145:c1a3ca765154 in roaraudio for libroar/ltm.c


Timestamp:
10/11/11 13:47:59 (13 years ago)
Author:
phi
Branch:
default
Phase:
public
Message:
  • Fixed invalid pointer aliasing in filter code (pr0)
  • Fixed a local buffer overflow in the client-to-message converter code as well as a remotely attackable overflow in the message-to-client converter code (pr0)
  • Updated error handling (pr0)
File:
1 edited

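--- a/libroar/ltm.c
+++ b/libroar/ltm.c
@@ -65,6 +65,11 @@
  size_t i;
 
- if ( mt == 0 || streams == NULL || slen == 0 || mes == NULL || buf == NULL ) {
+ if ( mt == 0 ) {
   roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
+
+ if ( streams == NULL || slen == 0 || mes == NULL || buf == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
   return -1;
  }
@@ -172,9 +177,13 @@
  int    i;
 
- if ( con == NULL )
-  return NULL;
-
- if ( streams == NULL || slen == 0 )
-  return NULL;
+ if ( con == NULL ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return NULL;
+ }
+
+ if ( streams == NULL || slen == 0 ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return NULL;
+ }
 
  if ( roar_ltm_pack_req(mt, window, streams, slen, &mes, &buf, ROAR_LTM_SST_GET_RAW) == -1 )
@@ -238,6 +247,6 @@
 }
 
-#define _CKNULL(x) if ( (x) == NULL ) return -1
-#define _RETMEMBERCKED(x,m) _CKNULL(x); return (x)->m
+#define _CKNULL(x) if ( (x) == NULL ) { roar_err_set(ROAR_ERROR_FAULT); return -1; }
+#define _RETMEMBERCKED(x,m) _CKNULL(x) return (x)->m
 
 int roar_ltm_get_numstreams(struct roar_ltm_result * res) {
@@ -258,6 +267,8 @@
  ROAR_DBG("roar_ltm_get_streamptr(res=%p, streamidx=%i) = ?", res, streamidx);
 
- if ( res == NULL || streamidx < 0 || streamidx >= res->streams )
-  return NULL;
+ if ( res == NULL || streamidx < 0 || streamidx >= res->streams ) {
+  roar_err_set(ROAR_ERROR_FAULT);
+  return NULL;
+ }
 
  ptr = res->data;
@@ -294,6 +305,8 @@
  ROAR_DBG("roar_ltm_extract(res=%p, mt=0x%.4x, streamidx=%i, channel=%i) = ?", res, mt, streamidx, channel);
 
- if ( roar_ltm_numbits(mt) != 1 )
-  return -1;
+ if ( roar_ltm_numbits(mt) != 1 ) {
+  roar_err_set(ROAR_ERROR_INVAL);
+  return -1;
+ }
 
  ROAR_DBG("roar_ltm_extract(res=%p, mt=0x%.4x, streamidx=%i, channel=%i) = ?", res, mt, streamidx, channel);
@@ -306,6 +319,8 @@
  ROAR_DBG("roar_ltm_extract(res=%p, mt=0x%.4x, streamidx=%i, channel=%i): numchans=%i", res, mt, streamidx, channel, numchans);
 
- if ( channel >= numchans )
-  return -1;
+ if ( channel >= numchans ) {
+  roar_err_set(ROAR_ERROR_RANGE);
+  return -1;
+ }
 
  ptr++;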
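Review bot: The range check in the last hunk (new lines 321-324, inside roar_ltm_extract) still tests only the upper bound, `if ( channel >= numchans )`, so a negative `channel` would pass it; the `%i` in the ROAR_DBG calls suggests the parameter is a signed int. Unless a negative value is rejected in the part of the function outside this hunk, the check should cover both ends, `if ( channel < 0 || channel >= numchans ) {`, keeping `roar_err_set(ROAR_ERROR_RANGE);`. For consistency, the out-of-range `streamidx` case in roar_ltm_get_streamptr (new lines 269-272) would be better reported as ROAR_ERROR_RANGE than ROAR_ERROR_FAULT, so callers can tell a bad index from a NULL `res`. Both functions start and end outside the visible hunks.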