Fix another DoS vulnerability, also identified Luigi Auriemma (closes #67)

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1446 fefdeb5f-60dc-0310-8127-8f9354f1896f

diff --git a/src/pulsecore/pstream.c b/src/pulsecore/pstream.c
index dbee77634d45a483053ab0545d3ba8fa1121f95e..897e4295fb9648dae655b4a2e142c64ec12ae9b7 100644 (file)
--- a/src/pulsecore/pstream.c
+++ b/src/pulsecore/pstream.c
@@ -662,7 +662,7 @@ static int do_read(pa_pstream *p) {
 
         length = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]);
 
-        if (length > FRAME_SIZE_MAX_ALLOW) {
+        if (length > FRAME_SIZE_MAX_ALLOW || length <= 0) {
             pa_log_warn("Recieved invalid frame size : %lu", (unsigned long) length);
             return -1;
         }