From 89e918e9d738de25eacb03d8e7b2f78c097c7e7b Mon Sep 17 00:00:00 2001
From: Peter Lieven
Date: Fri, 26 Oct 2012 17:12:07 +0200
Subject: [PATCH] SOCKET validate data_size in in_pdu header
---
lib/socket.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/socket.c b/lib/socket.c
index 5e50954..1376527 100644
--- a/lib/socket.c
+++ b/lib/socket.c
@@ -333,6 +333,10 @@ iscsi_read_from_socket(struct iscsi_context *iscsi)
 }
 data_size = iscsi_get_pdu_data_size(&in->hdr[0]);
+ if (data_size < 0 || data_size > iscsi->initiator_max_recv_data_segment_length) {
+ iscsi_set_error(iscsi, "Invalid data size received from target (%d)", (int)data_size);
+ return -1;
+ }
 if (data_size != 0) {
 unsigned char *buf = NULL;
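Review bot: The added `return -1` leaves the already-read header in `in` with the socket positioned past it, so the byte stream is out of sync with the PDU framing from then on. The caller is outside the hunk, so confirm it treats -1 from iscsi_read_from_socket as fatal and drops the connection rather than calling the read path again. The check would also benefit from a comment stating why it sits here, for example `/* data_size is taken from the target-supplied header; bound it before it sizes the buffer below */`. The declarations of data_size and initiator_max_recv_data_segment_length are not visible, and if the limit is an unsigned type the `>` comparison is only correct because the `< 0` test runs first, which is worth stating in that comment so the two tests are not reordered later. The body of iscsi_read_from_socket starts and ends outside the hunk.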