On Sun, 2021-03-28 at 13:00 -0400, Willem de Bruijn wrote: > On Wed, Mar 24, 2021 at 2:20 PM Andreas Roeseler > <andreas.a.roese...@gmail.com> wrote: > > > > > + if (!ext_hdr || !iio) > > + goto send_mal_query; > > + if (ntohs(iio->extobj_hdr.length) <= sizeof(iio- > > >extobj_hdr)) > > + goto send_mal_query; > > + ident_len = ntohs(iio->extobj_hdr.length) - sizeof(iio- > > >extobj_hdr); > > As asked in v3: this can have negative overflow?
The line above checks that iio->extobj_hdr.length is greater than the size of iio->extobj_hdr.
