diff options
| author |  Jeffrey Hutzelman <jhutz@cmu.edu> | 2011-11-15 18:06:05 -0500 |
|---|---|---|
| committer | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-24 18:13:15 -0500 |
| commit | 170736db76139ed9fff9dbf70a55d4ba4f25d9bd (patch) | |
| tree | d69312600e9c64720f65eea5c7ba9f17f664aed9 /lib | |
| parent | 36a666058ff94b6ec1e99265f6408d553d87bc85 (diff) | |
Ignore garbage when packet len > message len
From -c shadow on 15-Nov-2011, discussing a problem where some notices
received from other realms were causing clients to crash:
So, the packet that crashed my client had extra garbage beyond what
should have been the end of the packet. So z_multinotice was 0/61,
but the packet was longer than 61. Which means the logic that should
have treated this as an unfragmented notice (because partof ==
z_message_len) did not trigger.
So a holelist gets created, with enough storage for partof, and then
Z_AddNoticeToEntry is called to copy z_message_len (> partof) bytes
into it.
So, I don't know why your client, or the server, or something, is sending
packets longer than the message length, but I don't think I actually want
to just discard those, because then "legitimate" messages would vanish.
Instead, if part + notice->z_message_len > partof, I just want to ignore
the extra.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Zinternal.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/Zinternal.c b/lib/Zinternal.c index 9ad6bda..f63d069 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c @@ -369,6 +369,10 @@ Z_ReadWait(void) if (partof > Z_MAXNOTICESIZE) return (ZERR_NONE); + /* Ignore garbage at the end */ + if (notice.z_message_len > partof - part) + notice.z_message_len = partof - part; + /* * If we aren't a server and we can find a notice in the queue * with the same multiuid field, insert the current fragment as |