--- a/src/server/util/pool.c Tue Aug 13 22:14:32 2019 +0200 +++ b/src/server/util/pool.c Sat Sep 24 16:26:10 2022 +0200 @@ -65,6 +65,7 @@ #include <stdlib.h> #include <string.h> +#include <limits.h> //define PERM_MALLOC malloc //define PERM_FREE free //define PERM_REALLOC realloc @@ -91,6 +92,8 @@ return 0; } +#define POOL_MIN_BLOCKSIZE 128 + NSAPI_PUBLIC int pool_init(pblock *pb, Session *sn, Request *rq) { @@ -101,11 +104,22 @@ int n; //printf("standard block size: %d\n", pool_config.block_size); - + if (str_block_size != NULL) { - n = atoi(str_block_size); - if (n > 0) - pool_config.block_size = n; + int64_t value; + if(!util_strtoint(str_block_size, &value)) { + log_ereport(LOG_MISCONFIG, "pool-init: param 'block-size' is not an integer"); + return REQ_ABORTED; + } + if(value > INT_MAX) { + log_ereport(LOG_MISCONFIG, "pool-init: block-size is too big"); + return REQ_ABORTED; + } + if(value < POOL_MIN_BLOCKSIZE) { + log_ereport(LOG_MISCONFIG, "pool-init: block-size is too small"); + return REQ_ABORTED; + } + pool_config.block_size = value; } if (str_pool_disable && util_getboolean(str_pool_disable, PR_TRUE)) {