From 52a93e6cc3ddda4d40da7dcc52b2ce094a3143b4 Mon Sep 17 00:00:00 2001
From: zolliker
Date: Tue, 16 Sep 2008 14:12:59 +0000
Subject: [PATCH] - inhibited buffer overflow in NetReaderTask - check for double registered sockets in NetReadRegister
---
 nread.c | 40 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/nread.c b/nread.c
index 92a7e972..58dc0998 100644
--- a/nread.c
+++ b/nread.c
@@ -126,8 +126,10 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 int NetReadRegister(pNetRead self, mkChannel *pSock, eNRType eType, SConnection *pCon)
 {
- NetItem sItem;
-
+ NetItem sItem, sEntry;
+ char buffer[80];
+ int iRet;
+
 assert(self);
 if(!VerifyChannel(pSock))
 {
@@ -142,6 +144,20 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 sItem.iReadable = 0;
 memset(sItem.pHold,0,511);
+ /* check if the entry is already there */
+ iRet = LLDnodePtr2First(self->iList);
+ while(iRet != 0)
+ {
+ LLDnodeDataTo(self->iList,&sEntry);
+ if(sEntry.pSock->sockid == pSock->sockid)
+ {
+ snprintf(buffer, sizeof buffer, "NetReadRegister twice %d type %d", pSock->sockid, eType);
+ WriteToCommandLog("SYS>",buffer);
+ return 1;
+ }
+ iRet = LLDnodePtr2Next(self->iList);
+ }
+
 LLDnodeAppendFrom(self->iList, &sItem);
 return 1;
 }
@@ -690,6 +706,8 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 char num[50];
 IPair *options = NULL;
 char buffer[1024];
+ int bufferLen;
+ static int bufferFull=0;
 self = (pNetRead)pData;
 assert(self);
@@ -709,6 +727,7 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 iRet = LLDnodePtr2First(self->iList);
 iCount = 0;
 buffer[0] = '\0';
+ bufferLen = 0;
 while(iRet != 0)
 {
 LLDnodeDataTo(self->iList,&NItem);
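Review bot: In NetReadRegister (hunk at -142,6) the duplicate check matches on `sockid` alone and then returns 1, the same value as a successful registration, so the caller cannot tell that the new `sItem` was dropped and the existing entry kept. If a list entry can outlive its socket (removal is not visible in this hunk), a reused descriptor number would stay bound to the old entry, and `sEntry.pSock` is dereferenced without the VerifyChannel check that `pSock` receives at the top of the function. Logging the `sEntry.pSock != pSock` case separately would make such a stale entry visible, and the comment could state the contract, for example `/* an entry with the same sockid is kept as is; the new registration is ignored */`. The function starts in the previous hunk; its callers are not shown, so whether any of them depends on the return value is not known.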
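Review bot: `static int bufferFull=0;` in the hunk at -690,6 is function-static state that nothing resets: the hunk at -716,8 moves it from 0 to 1 and the hunk at -727,10 from 1 to 2, after which a truncated ConMask is never logged again for the life of the process. Being static rather than a member of `self`, it is also shared by every reader instance that runs this task. The three values are undocumented; a comment at the declaration such as `/* 0: ConMask never truncated, 1: truncated, not yet logged, 2: truncation already logged */` would help. If one log line per overflow episode is wanted, the flag would need resetting on a pass where every entry fitted. The enclosing function starts and ends outside this hunk.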
@@ -716,8 +735,15 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 {
 break;
 }
- sprintf(num,"%d, type %d:", NItem.pSock->sockid, NItem.eType);
- strcat(buffer,num);
+ snprintf(num,sizeof num, "%d, type %d:", NItem.pSock->sockid, NItem.eType);
+ if (bufferLen + strlen(num) < sizeof buffer) {
+ strcpy(buffer + bufferLen, num);
+ bufferLen += strlen(num);
+ } else {
+ if (bufferFull == 0) {
+ bufferFull = 1;
+ }
+ }
 FD_SET(NItem.pSock->sockid,&lMask);
 if(NItem.pSock->sockid > iCount)
 {
@@ -727,10 +753,14 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
 iRet = LLDnodePtr2Next(self->iList);
 }
- snprintf(num,50,"%d", conCount);
+ snprintf(num,sizeof num,"%d", conCount);
 IFSetOption(pSICSOptions,"ConnectionCount",num);
 IFSetOption(pSICSOptions,"ConMask",buffer);
+ if (bufferFull == 1) {
+ bufferFull = 2;
+ WriteToCommandLog("BUFFERFULL>",buffer);
+ }
 /* the select itself */
 tmo.tv_usec = self->iReadTimeout;
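Review bot: When an entry does not fit, the `else` branch in the hunk at -716,8 only sets `bufferFull` and the loop keeps appending, so a later, shorter entry can still be copied after a skipped one. ConMask then has holes rather than being a clean prefix, and nothing in the string marks it as incomplete. Stopping further appends for the rest of the pass once one entry has been skipped would keep the value a clean prefix. On style, `strlen(num)` is evaluated twice where `size_t numLen = strlen(num);` would do, and the nested block can be `else if (bufferFull == 0)`. Separately, the unchanged `FD_SET(NItem.pSock->sockid,&lMask);` just below shows no bound against FD_SETSIZE; the condition guarding the `break` starts above the hunk, so whether it covers that case cannot be seen here.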
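Review bot: `WriteToCommandLog("BUFFERFULL>",buffer);` in the hunk at -727,10 writes the truncated mask itself, close to 1 KB, but not what happened. The entry states neither that ConMask was cut off nor at what length. A short message built with snprintf into a small local buffer, for example `"ConMask truncated at %d bytes"` with `bufferLen`, would be easier to act on. The option is still set to the truncated string two lines above without any marker, so a reader of ConMask cannot detect the omission. The enclosing function continues past the end of this hunk.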