QPID-3030: prevent buffer overflow when writing sequences of bytes.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1066097 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 5 insertions, 0 deletions

diff --git a/qpid/cpp/src/qpid/framing/Buffer.cpp b/qpid/cpp/src/qpid/framing/Buffer.cpp
index 7506cdca7b..5a5bc0325e 100644
--- a/qpid/cpp/src/qpid/framing/Buffer.cpp
+++ b/qpid/cpp/src/qpid/framing/Buffer.cpp
@@ -246,6 +246,7 @@ void Buffer::putShortString(const string& s){
     size_t slen = s.length();
     if (slen <= std::numeric_limits<uint8_t>::max()) {
         uint8_t len = (uint8_t) slen;
+        checkAvailable(slen + 1);
         putOctet(len);
         s.copy(data + position, len);
         position += len;
@@ -258,6 +259,7 @@ void Buffer::putMediumString(const string& s){
     size_t slen = s.length();
     if (slen <= std::numeric_limits<uint16_t>::max()) {
         uint16_t len = (uint16_t) slen;
+        checkAvailable(slen + 2);
         putShort(len);
         s.copy(data + position, len);
         position += len;
@@ -268,6 +270,7 @@ void Buffer::putMediumString(const string& s){
 
 void Buffer::putLongString(const string& s){
     uint32_t len = s.length();
+    checkAvailable(len + 4);
     putLong(len);
     s.copy(data + position, len);
     position += len;    
@@ -301,6 +304,7 @@ void Buffer::getBin128(uint8_t* b){
 
 void Buffer::putRawData(const string& s){
     uint32_t len = s.length();
+    checkAvailable(len);
     s.copy(data + position, len);
     position += len;    
 }
@@ -312,6 +316,7 @@ void Buffer::getRawData(string& s, uint32_t len){
 }
 
 void Buffer::putRawData(const uint8_t* s, size_t len){
+    checkAvailable(len);
     memcpy(data + position, s, len);
     position += len;    
 }