From 7000fe664d16094741e6e6728f7998a2c45b7eb2 Mon Sep 17 00:00:00 2001
From: Niels Provos <provos@gmail.com>
Date: Tue, 30 Aug 2005 06:02:09 +0000
Subject: [PATCH] remove dos opportunity

svn:r180
---
 event_rpcgen.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/event_rpcgen.py b/event_rpcgen.py
index 50235d6c..af842994 100755
--- a/event_rpcgen.py
+++ b/event_rpcgen.py
@@ -795,6 +795,10 @@ class EntryVarBytes(Entry):
     def CodeUnmarshal(self, buf, tag_name, var_name):
         code = ['if (evtag_payload_length(%s, &%s->%s_length) == -1)' % (
             buf, var_name, self._name),
+                '  return (-1);',
+                # We do not want DoS opportunities
+                'if (%s->%s_length > EVBUFFER_LENGTH(%s))' % (
+            var_name, self._name, buf),
                 '  return (-1);',
                 'if ((%s->%s_data = malloc(%s->%s_length)) == NULL)' % (
             var_name, self._name, var_name, self._name),
-- 
2.40.0