From 428268a71e9eaf2009187e48354f2ec85f0830f6 Mon Sep 17 00:00:00 2001 From: Michael Davidsaver Date: Sat, 11 Jan 2014 10:59:57 -0500 Subject: [PATCH] rsrv: avoid strlen() on possible unterminated strings Detect these w/o risk of SIGSEGV --- src/rsrv/camessage.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/rsrv/camessage.c b/src/rsrv/camessage.c index 800d90810..93c624298 100644 --- a/src/rsrv/camessage.c +++ b/src/rsrv/camessage.c @@ -21,6 +21,7 @@ #include "osiSock.h" #include "osiPoolStatus.h" +#include "epicsString.h" #include "epicsEvent.h" #include "epicsStdio.h" #include "epicsThread.h" @@ -708,7 +709,7 @@ static int read_action ( caHdrLargeArray *mp, void *pPayloadIn, struct client *p */ if ( mp->m_dataType == DBR_STRING && mp->m_count == 1 ) { char * pStr = (char *) pPayload; - size_t strcnt = strlen ( pStr ); + size_t strcnt = epicsStrnLen( pStr, payloadSize ); if ( strcnt < payloadSize ) { payloadSize = ( ca_uint32_t ) ( strcnt + 1u ); } @@ -843,7 +844,7 @@ static int write_action ( caHdrLargeArray *mp, static int host_name_action ( caHdrLargeArray *mp, void *pPayload, struct client *client ) { - unsigned size; + ca_uint32_t size; char *pName; char *pMalloc; int chanCount; @@ -867,8 +868,8 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload, } pName = (char *) pPayload; - size = strlen(pName)+1; - if (size > 512) { + size = epicsStrnLen(pName, mp->m_postsize)+1; + if (size > 512 || size > mp->m_postsize) { log_header ( "bad (very long) host name", client, mp, pPayload, 0 ); SEND_LOCK(client); @@ -922,7 +923,7 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload, static int client_name_action ( caHdrLargeArray *mp, void *pPayload, struct client *client ) { - unsigned size; + ca_uint32_t size; char *pName; char *pMalloc; int chanCount; 
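Review bot: When the reply buffer holds no NUL within the first payloadSize bytes, epicsStrnLen() returns payloadSize, the `if ( strcnt < payloadSize )` test is false and the whole buffer is sent unterminated; that looks deliberate (a string exactly filling its DBR_STRING slot) but nothing says so, and a reader may take the bounded call as a guarantee that the reply is terminated. I'd state it at the condition: `/* no NUL within payloadSize: send the whole buffer as-is; the receiver must bound its copy by the payload length, not by strlen() */`. Whether the CA client actually bounds its copy that way is not visible here and should be confirmed. read_action() starts and ends outside the hunk.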
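Review bot: The rejection branch in host_name_action() now fires for three different inputs — a name longer than 511 bytes, a payload with no NUL within m_postsize bytes (epicsStrnLen returns m_postsize, so size becomes m_postsize + 1), and an empty payload (m_postsize == 0 gives size 1, which exceeds m_postsize) — yet the log still says only "bad (very long) host name", so an unterminated name will be misdiagnosed as a long one. I'd document the contract above the test, `/* reject a name that is too long, empty, or not NUL-terminated within the m_postsize-byte payload */`, or give the second condition its own log_header() text. The `+1` is presumably evaluated in size_t before being narrowed to ca_uint32_t, which only cannot wrap if m_postsize is bounded well below 0xFFFFFFFF earlier in the function; that check is outside the hunk and worth confirming. host_name_action()'s body continues past the hunk.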
@@ -946,8 +947,8 @@ static int client_name_action ( caHdrLargeArray *mp, void *pPayload, } pName = (char *) pPayload; - size = strlen(pName)+1; - if (size > 512) { + size = epicsStrnLen(pName, mp->m_postsize)+1; + if (size > 512 || size > mp->m_postsize) { log_header ("a very long user name was specified", client, mp, pPayload, 0); SEND_LOCK(client);
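Review bot: The bounded-length check in client_name_action() is now a verbatim copy of the one in host_name_action(), differing only in the log text, so any future change to the 512 limit or to the termination rule has to be made in two places. I'd move the computation into one static helper that returns 0 on rejection and call it from both functions, leaving each log_header() call where it is; the changed lines here then become `size = bounded_name_size ( pName, mp->m_postsize ); if ( size == 0 ) {`. client_name_action()'s body continues past the hunk.

```c
/* Size (NUL included) of the name at the start of a postsize-byte payload;
 * 0 if the payload is empty, not NUL-terminated within postsize bytes,
 * or the name exceeds 511 bytes. */
static ca_uint32_t bounded_name_size ( const char *pName, ca_uint32_t postsize )
{
    ca_uint32_t size = ( ca_uint32_t ) ( epicsStrnLen ( pName, postsize ) + 1u );
    if ( size > 512 || size > postsize ) {
        return 0;
    }
    return size;
}

/* … unchanged: client_name_action() up to pName = (char *) pPayload; … */
    size = bounded_name_size ( pName, mp->m_postsize );
    if ( size == 0 ) {
```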