diff --git a/src/iperf.h b/src/iperf.h index f297587d1..7d14a3453 100644 --- a/src/iperf.h +++ b/src/iperf.h @@ -436,6 +436,8 @@ struct iperf_test #define UDP_BUFFER_EXTRA 1024 +#define MAX_PARAMS_JSON_STRING 8 * 1024 + /* constants for command line arg sanity checks */ #define MB (1024 * 1024) #define MAX_TCP_BUFFER (512 * MB) diff --git a/src/iperf_api.c b/src/iperf_api.c index dcf386c30..60efd1273 100644 --- a/src/iperf_api.c +++ b/src/iperf_api.c @@ -2805,35 +2805,41 @@ JSON_read(int fd) * Then read the JSON into a buffer and parse it. Return a parsed JSON * structure, NULL if there was an error. */ - if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) { - hsize = ntohl(nsize); - /* Allocate a buffer to hold the JSON */ - strsize = hsize + 1; /* +1 for trailing NULL */ - if (strsize) { - str = (char *) calloc(sizeof(char), strsize); - if (str != NULL) { - rc = Nread(fd, str, hsize, Ptcp); - if (rc >= 0) { - /* - * We should be reading in the number of bytes corresponding to the - * length in that 4-byte integer. If we don't the socket might have - * prematurely closed. Only do the JSON parsing if we got the - * correct number of bytes. - */ - if (rc == hsize) { - json = cJSON_Parse(str); - } - else { - printf("WARNING: Size of data read does not correspond to offered length\n"); - } - } - } - free(str); + rc = Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp); + if (rc == sizeof(nsize)) { + hsize = ntohl(nsize); + if (hsize > 0 && hsize <= MAX_PARAMS_JSON_STRING) { + /* Allocate a buffer to hold the JSON */ + strsize = hsize + 1; /* +1 for trailing NULL */ + if (strsize) { + str = (char *) calloc(sizeof(char), strsize); + if (str != NULL) { + rc = Nread(fd, str, hsize, Ptcp); + if (rc >= 0) { + /* + * We should be reading in the number of bytes corresponding to the + * length in that 4-byte integer. If we don't the socket might have + * prematurely closed. Only do the JSON parsing if we got the + * correct number of bytes. + */ + if (rc == hsize) { + json = cJSON_Parse(str); + } + else { + warning("JSON size of data read does not correspond to offered length"); + } + } + free(str); + } + } } else { - printf("WARNING: Data length overflow\n"); + warning("JSON data length overflow"); } } + else { + warning("Failed to read JSON data size"); + } return json; }