From aff8d237f8edc63c01a17b372e6554905c37e401 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Mon, 8 May 2017 10:49:10 +0800
Subject: [PATCH] lws_write: report and reject suspicious lengths

---
 lib/output.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/output.c b/lib/output.c
index c77b5c05..a41b0e0d 100644
--- a/lib/output.c
+++ b/lib/output.c
@@ -244,6 +244,12 @@ LWS_VISIBLE int lws_write(struct lws *wsi, unsigned char *buf, size_t len,
 	int pre = 0, n;
 	size_t orig_len = len;
 
+	if ((int)len < 0) {
+		lwsl_err("%s: suspicious len int %d, ulong %lu\n", __func__,
+				(int)len, (unsigned long)len);
+		return -1;
+	}
+
 #ifdef LWS_WITH_ACCESS_LOG
 	wsi->access_log.sent += len;
 #endif