admin-socket: fix potential buffer overflow

Add code to ensure cmd[pos] is valid memory.

Signed-off-by: Yunchuan Wen <yunchuan.wen@kylin-cloud.com>

diff --git a/src/common/admin_socket.cc b/src/common/admin_socket.cc
index 28c5620927b79b11ba2155f79d37b0403f157148..d449277326141631913d122473557d874d01cc66 100644 (file)
--- a/src/common/admin_socket.cc
+++ b/src/common/admin_socket.cc
@@ -315,7 +315,7 @@ bool AdminSocket::do_accept()
   }
 
   char cmd[1024];
-  int pos = 0;
+  unsigned pos = 0;
   string c;
   while (1) {
     int ret = safe_read(connection_fd, &cmd[pos], 1);
@@ -353,7 +353,11 @@ bool AdminSocket::do_accept()
        break;
       }
     }
-    pos++;
+    if (++pos >= sizeof(cmd)) {
+      lderr(m_cct) << "AdminSocket: error reading request too long" << dendl;
+      VOID_TEMP_FAILURE_RETRY(close(connection_fd));
+      return false;
+    }
   }
 
   bool rval = false;