1 files changed, 33 insertions, 4 deletions

diff --git a/src/lib/util/io_utilities.h b/src/lib/util/io_utilities.h
index cd35364f7c..4cfa999f75 100644
--- a/src/lib/util/io_utilities.h
+++ b/src/lib/util/io_utilities.h
@@ -15,6 +15,7 @@
 #ifndef IO_UTILITIES_H
 #define IO_UTILITIES_H
 
+#include <exceptions/exceptions.h>
 #include <cstddef>
 
 namespace isc {
@@ -28,10 +29,17 @@ namespace util {
 /// \param buffer Data buffer at least two bytes long of which the first two
 ///        bytes are assumed to represent a 16-bit integer in network-byte
 ///        order.
+/// \param length Length of the data buffer.
 ///
 /// \return Value of 16-bit integer
 inline uint16_t
-readUint16(const void* buffer) {
+readUint16(const void* buffer, size_t length) {
+    if (length < sizeof(uint16_t)) {
+        isc_throw(isc::OutOfRange,
+                  "Length (" << length << ") of buffer is insufficient " <<
+                  "to read a uint16_t");
+    }
+
     const uint8_t* byte_buffer = static_cast<const uint8_t*>(buffer);
 
     uint16_t result = (static_cast<uint16_t>(byte_buffer[0])) << 8;
@@ -48,10 +56,17 @@ readUint16(const void* buffer) {
 /// \param value 16-bit value to convert
 /// \param buffer Data buffer at least two bytes long into which the 16-bit
 ///        value is written in network-byte order.
+/// \param length Length of the data buffer.
 ///
 /// \return pointer to the next byte after stored value
 inline uint8_t*
-writeUint16(uint16_t value, void* buffer) {
+writeUint16(uint16_t value, void* buffer, size_t length) {
+    if (length < sizeof(uint16_t)) {
+        isc_throw(isc::OutOfRange,
+                  "Length (" << length << ") of buffer is insufficient " <<
+                  "to write a uint16_t");
+    }
+
     uint8_t* byte_buffer = static_cast<uint8_t*>(buffer);
 
     byte_buffer[0] = static_cast<uint8_t>((value & 0xff00U) >> 8);
@@ -65,10 +80,17 @@ writeUint16(uint16_t value, void* buffer) {
 /// \param buffer Data buffer at least four bytes long of which the first four
 ///        bytes are assumed to represent a 32-bit integer in network-byte
 ///        order.
+/// \param length Length of the data buffer.
 ///
 /// \return Value of 32-bit unsigned integer
 inline uint32_t
-readUint32(const uint8_t* buffer) {
+readUint32(const uint8_t* buffer, size_t length) {
+    if (length < sizeof(uint32_t)) {
+        isc_throw(isc::OutOfRange,
+                  "Length (" << length << ") of buffer is insufficient " <<
+                  "to read a uint32_t");
+    }
+
     const uint8_t* byte_buffer = static_cast<const uint8_t*>(buffer);
 
     uint32_t result = (static_cast<uint32_t>(byte_buffer[0])) << 24;
@@ -84,10 +106,17 @@ readUint32(const uint8_t* buffer) {
 /// \param value 32-bit value to convert
 /// \param buffer Data buffer at least four bytes long into which the 32-bit
 ///        value is written in network-byte order.
+/// \param length Length of the data buffer.
 ///
 /// \return pointer to the next byte after stored value
 inline uint8_t*
-writeUint32(uint32_t value, uint8_t* buffer) {
+writeUint32(uint32_t value, uint8_t* buffer, size_t length) {
+    if (length < sizeof(uint32_t)) {
+        isc_throw(isc::OutOfRange,
+                  "Length (" << length << ") of buffer is insufficient " <<
+                  "to write a uint32_t");
+    }
+
     uint8_t* byte_buffer = static_cast<uint8_t*>(buffer);
 
     byte_buffer[0] = static_cast<uint8_t>((value & 0xff000000U) >> 24);