From 170736db76139ed9fff9dbf70a55d4ba4f25d9bd Mon Sep 17 00:00:00 2001 From: Jeffrey Hutzelman Date: Tue, 15 Nov 2011 18:06:05 -0500 Subject: Ignore garbage when packet len > message len From -c shadow on 15-Nov-2011, discussing a problem where some notices received from other realms were causing clients to crash: So, the packet that crashed my client had extra garbage beyond what should have been the end of the packet. So z_multinotice was 0/61, but the packet was longer than 61. Which means the logic that should have treated this as an unfragmented notice (because partof == z_message_len) did not trigger. So a holelist gets created, with enough storage for partof, and then Z_AddNoticeToEntry is called to copy z_message_len (> partof) bytes into it. So, I don't know why your client, or the server, or something, is sending packets longer than the message length, but I don't think I actually want to just discard those, because then "legitimate" messages would vanish. Instead, if part + notice->z_message_len > partof, I just want to ignore the extra. --- lib/Zinternal.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/Zinternal.c b/lib/Zinternal.c index 9ad6bda..f63d069 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c @@ -369,6 +369,10 @@ Z_ReadWait(void) if (partof > Z_MAXNOTICESIZE) return (ZERR_NONE); + /* Ignore garbage at the end */ + if (notice.z_message_len > partof - part) + notice.z_message_len = partof - part; + /* * If we aren't a server and we can find a notice in the queue * with the same multiuid field, insert the current fragment as -- cgit v1.2.3
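Review bot: The clamp added in Z_ReadWait computes `partof - part`, but nothing in the visible context shows `part` being bounded by `partof`; the only check next to it is `partof > Z_MAXNOTICESIZE`. If a packet arrives whose z_multinotice field has part greater than partof, the difference is negative, the condition `notice.z_message_len > partof - part` holds, and a negative (or, depending on the field's type, wrapped) value is stored in `notice.z_message_len`. That value then reaches the copy in Z_AddNoticeToEntry that the commit message describes. Unless `part` is already validated earlier in the function, outside this hunk, handle that case before the clamp, for example with `if (part < 0 || part > partof)` followed by either dropping the packet or treating it as unfragmented. It would also help to extend the comment to say that the truncation is deliberate, so that oversized packets from other realms are still delivered rather than discarded.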