linse/sics
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- inhibited buffer overflow in NetReaderTask

Browse Source 
- check for double registered sockets in NetReadRegister
This commit is contained in:
zolliker
2008-09-16 14:12:59 +00:00
parent e0c6c635b4
commit 52a93e6cc3
1 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
nread.c
View File

@ -126,8 +126,10 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
int NetReadRegister(pNetRead self, mkChannel *pSock, eNRType eType, int NetReadRegister(pNetRead self, mkChannel *pSock, eNRType eType,
SConnection *pCon) SConnection *pCon)
{ {
NetItem sItem; NetItem sItem, sEntry;
char buffer[80];
int iRet;
assert(self); assert(self);
if(!VerifyChannel(pSock)) if(!VerifyChannel(pSock))
{ {
@ -142,6 +144,20 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
sItem.iReadable = 0; sItem.iReadable = 0;
memset(sItem.pHold,0,511); memset(sItem.pHold,0,511);
/* check if the entry is already there */
iRet = LLDnodePtr2First(self->iList);
while(iRet != 0)
{
LLDnodeDataTo(self->iList,&sEntry);
if(sEntry.pSock->sockid == pSock->sockid)
{
snprintf(buffer, sizeof buffer, "NetReadRegister twice %d type %d", pSock->sockid, eType);
WriteToCommandLog("SYS>",buffer);
return 1;
}
iRet = LLDnodePtr2Next(self->iList);
}
LLDnodeAppendFrom(self->iList, &sItem); LLDnodeAppendFrom(self->iList, &sItem);
return 1; return 1;
} }
@ -690,6 +706,8 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
char num[50]; char num[50];
IPair *options = NULL; IPair *options = NULL;
char buffer[1024]; char buffer[1024];
int bufferLen;
static int bufferFull=0;
self = (pNetRead)pData; self = (pNetRead)pData;
assert(self); assert(self);
@ -709,6 +727,7 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
iRet = LLDnodePtr2First(self->iList); iRet = LLDnodePtr2First(self->iList);
iCount = 0; iCount = 0;
buffer[0] = '\0'; buffer[0] = '\0';
bufferLen = 0;
while(iRet != 0) while(iRet != 0)
{ {
LLDnodeDataTo(self->iList,&NItem); LLDnodeDataTo(self->iList,&NItem);
@ -716,8 +735,15 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
{ {
break; break;
} }
sprintf(num,"%d, type %d:", NItem.pSock->sockid, NItem.eType); snprintf(num,sizeof num, "%d, type %d:", NItem.pSock->sockid, NItem.eType);
strcat(buffer,num); if (bufferLen + strlen(num) < sizeof buffer) {
strcpy(buffer + bufferLen, num);
bufferLen += strlen(num);
} else {
if (bufferFull == 0) {
bufferFull = 1;
}
}
FD_SET(NItem.pSock->sockid,&lMask); FD_SET(NItem.pSock->sockid,&lMask);
if(NItem.pSock->sockid > iCount) if(NItem.pSock->sockid > iCount)
{ {
@ -727,10 +753,14 @@ extern int VerifyChannel(mkChannel *self); /* defined in network.c */
iRet = LLDnodePtr2Next(self->iList); iRet = LLDnodePtr2Next(self->iList);
} }
snprintf(num,50,"%d", conCount); snprintf(num,sizeof num,"%d", conCount);
IFSetOption(pSICSOptions,"ConnectionCount",num); IFSetOption(pSICSOptions,"ConnectionCount",num);
IFSetOption(pSICSOptions,"ConMask",buffer); IFSetOption(pSICSOptions,"ConMask",buffer);
if (bufferFull == 1) {
bufferFull = 2;
WriteToCommandLog("BUFFERFULL>",buffer);
}
/* the select itself */ /* the select itself */
tmo.tv_usec = self->iReadTimeout; tmo.tv_usec = self->iReadTimeout;