From: Jaroslav Kysela <perex@perex.cz>
Date: Wed, 5 Dec 2018 11:14:09 +0000 (+0100)
Subject: htsmsg: check the field/key name length (max 255 characters), issue #5359
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42fd13d4c822edfc269e6b527333ab5666211f9d;p=thirdparty%2Ftvheadend.git

htsmsg: check the field/key name length (max 255 characters), issue #5359
---

diff --git a/src/htsmsg.c b/src/htsmsg.c
index b45dd929f..734419aa3 100644
--- a/src/htsmsg.c
+++ b/src/htsmsg.c
@@ -125,7 +125,13 @@ htsmsg_field_add(htsmsg_t *msg, const char *name, int type, int flags, size_t es
     assert(name != NULL);
   }
 
-  nsize = name ? htsmsg_malloc_align(type, strlen(name) + 1) : 0;
+  if (name) {
+    nsize = strlen(name);
+    assert(nsize < 256); /* limit for htsmsg_binary2 */
+    nsize = htsmsg_malloc_align(type, nsize + 1);
+  } else {
+    nsize = 0;
+  }
   f = malloc(sizeof(htsmsg_field_t) + nsize + esize);
   if (f == NULL)
     return NULL;