-
Peter Hutterer authored
GetCountedString did a check for the whole string to be within the request buffer but not for the initial 2 bytes that contain the length field. A swapped client could send a malformed request to trigger a swaps() on those bytes, writing into random memory. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
11beef0b