From 5f16494f584e52b08a5dcdc55fe891d01d02f3a4 Mon Sep 17 00:00:00 2001
From: Maxim Sharabayko <maxlovic@gmail.com>
Date: Tue, 19 Nov 2024 16:25:53 +0100
Subject: [PATCH] [core] Fixed getting SRTO_RCVBUF and SRTO_SNDBUF on a group.

The documented length is 4 bytes, the code was setting 8 bytes without checking `optlen`.
---
 srtcore/group.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/srtcore/group.cpp b/srtcore/group.cpp
index 3a9fc3f1d..c0df17ac8 100644
--- a/srtcore/group.cpp
+++ b/srtcore/group.cpp
@@ -472,7 +472,7 @@ template <size_t N>
 static void importStringOption(vector<CUDTGroup::ConfigItem>& storage, SRT_SOCKOPT optname, const StringStorage<N>& optval)
 {
     if (optval.empty())
-		return;
+        return;
 
     // Store the option when:
     // - option has a value (default is empty).
@@ -615,9 +615,11 @@ bool CUDTGroup::applyFlags(uint32_t flags, HandshakeSide)
 template <class Type>
 struct Value
 {
-    static int fill(void* optval, int, const Type& value)
+    static int fill(void* optval, int len, const Type& value)
     {
-        // XXX assert size >= sizeof(Type) ?
+        if (size_t(len) < sizeof(Type))
+            return 0;
+
         *(Type*)optval = value;
         return sizeof(Type);
     }
@@ -671,7 +673,7 @@ static bool getOptDefault(SRT_SOCKOPT optname, void* pw_optval, int& w_optlen)
 
     case SRTO_SNDBUF:
     case SRTO_RCVBUF:
-        w_optlen = fillValue((pw_optval), w_optlen, CSrtConfig::DEF_BUFFER_SIZE * (CSrtConfig::DEF_MSS - CPacket::UDP_HDR_SIZE));
+        w_optlen = fillValue<int>((pw_optval), w_optlen, CSrtConfig::DEF_BUFFER_SIZE * (CSrtConfig::DEF_MSS - CPacket::UDP_HDR_SIZE));
         break;
 
     case SRTO_LINGER: