diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-11-10 05:12:28 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:46:02 -0500 |
commit | 1aa141dbd56e4845cdaddf0c424212a317b78dcf (patch) | |
tree | 6df4847c53295a0ac6fc239c4438f48e0e741d7d | |
parent | 78422169b29d84bfebd8df705b00432d627d202d (diff) | |
download | samba-1aa141dbd56e4845cdaddf0c424212a317b78dcf.tar.gz samba-1aa141dbd56e4845cdaddf0c424212a317b78dcf.tar.xz samba-1aa141dbd56e4845cdaddf0c424212a317b78dcf.zip |
r11630: another fix for over-reading in the packet code. This time get the
sign of the comparison right :-)
(This used to be commit 7e40077aa793e29b5770aae2e07e964239e8249b)
-rw-r--r-- | source4/lib/stream/packet.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/source4/lib/stream/packet.c b/source4/lib/stream/packet.c index 76b796d4b5..7a453add53 100644 --- a/source4/lib/stream/packet.c +++ b/source4/lib/stream/packet.c @@ -34,7 +34,6 @@ struct packet_context { packet_full_request_fn_t full_request; packet_error_handler_fn_t error_handler; DATA_BLOB partial; - uint32_t initial_read_size; uint32_t num_read; uint32_t initial_read; struct tls_context *tls; @@ -183,7 +182,8 @@ static void packet_next_event(struct event_context *ev, struct timed_event *te, struct timeval t, void *private) { struct packet_context *pc = talloc_get_type(private, struct packet_context); - if (pc->num_read != 0 && pc->packet_size >= pc->num_read) { + if (pc->num_read != 0 && pc->packet_size != 0 && + pc->packet_size <= pc->num_read) { packet_recv(pc); } } @@ -196,7 +196,7 @@ void packet_recv(struct packet_context *pc) { size_t npending; NTSTATUS status; - size_t nread; + size_t nread = 0; DATA_BLOB blob; if (pc->processing) { @@ -268,8 +268,16 @@ void packet_recv(struct packet_context *pc) pc->num_read += nread; - /* see if its a full request */ next_partial: + if (pc->partial.length != pc->num_read) { + status = data_blob_realloc(pc, &pc->partial, pc->num_read); + if (!NT_STATUS_IS_OK(status)) { + packet_error(pc, status); + return; + } + } + + /* see if its a full request */ blob = pc->partial; blob.length = pc->num_read; status = pc->full_request(pc->private, blob, &pc->packet_size); |