diff options
| author | Marcus Meissner <marcus@jet.franken.de> | 2019-12-30 08:24:37 +0100 |
|---|---|---|
| committer | Marcus Meissner <marcus@jet.franken.de> | 2019-12-30 08:24:37 +0100 |
| commit | da3ee3312e36bf27c1c03d1f6ccce8d79355a732 (patch) | |
| tree | 3a8da2e56e3f4cfe4ecec4bb0ea473f05f68e06f | |
| parent | 6858bab274b9b7f33c22f004ebcea5d0892682ff (diff) | |
| download | libgphoto2-da3ee3312e36bf27c1c03d1f6ccce8d79355a732.tar.gz | |
stv0674: add an arbitrary limit to avoid DOS by large allocs (AFL)
| -rw-r--r-- | camlibs/stv0674/stv0674.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/camlibs/stv0674/stv0674.c b/camlibs/stv0674/stv0674.c index fe832c63d..398ed5afa 100644 --- a/camlibs/stv0674/stv0674.c +++ b/camlibs/stv0674/stv0674.c @@ -107,6 +107,10 @@ static int file_list_func (CameraFilesystem *fs, const char *folder, GP_DEBUG("file count returned %d\n",result); return result; } + if (count > 10000) { /* arbitrary limit to avoid resource exhaustion by malicious USB */ + GP_DEBUG("count %d is over 10000 arbitrary limit. Increase if needed.\n", count); + return GP_ERROR_CORRUPTED_DATA; + } GP_DEBUG("count is %x\n",count); |