From f8a4999e4078d47da3196041e13952d7243fe0f5 Mon Sep 17 00:00:00 2001
From: Richard Nyberg
Date: Thu, 7 Jul 2005 12:55:44 +0000
Subject: [PATCH] The generic reader didn't have a buffer that was large enough to save uncomplete messages. I had forgotten about the four bytes of message length preceding the message. A buffer overflow could occur because of this. Ouch!
---
 btpd/net.c | 1 +
 btpd/net.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/btpd/net.c b/btpd/net.c
index 6d1d220..e627378 100644
--- a/btpd/net.c
+++ b/btpd/net.c
@@ -766,6 +766,7 @@ net_generic_read(struct peer *p, unsigned long rmax)
     }
     if (off != len) {
         gr->iob.buf_off = len - off;
+        assert(gr->iob.buf_off <= gr->iob.buf_len);
         bcopy(buf + off, gr->iob.buf, gr->iob.buf_off);
     }
     event_add(&p->in_ev, NULL);
diff --git a/btpd/net.h b/btpd/net.h
index 5a2c704..7216362 100644
--- a/btpd/net.h
+++ b/btpd/net.h
@@ -65,7 +65,7 @@ struct handshake {
     char _io_buf[SHAKE_LEN];
 };
 
-#define MAX_INPUT_LEFT 12
+#define MAX_INPUT_LEFT 16
 
 struct generic_reader {
     struct input_reader rd;
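Review bot: The added `assert(gr->iob.buf_off <= gr->iob.buf_len)` in front of the bcopy is only a debug-build guard: it compiles away under NDEBUG, leaving the copy unbounded again, and where it is active a single bad value aborts the whole daemon rather than the one connection. If `len` is derived from the length prefix a remote peer sent (net_generic_read starts outside the hunk, so I cannot confirm where it comes from), the oversized leftover should be treated as a protocol error on the read path — reject it with `if (gr->iob.buf_off > gr->iob.buf_len)` and return through the function's existing failure path so the peer is dropped — with the assert kept at most as a secondary invariant check. A comment on that branch, `/* peer left more unread bytes than iob can hold between reads */`, would also record why the bound exists.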
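Review bot: `MAX_INPUT_LEFT` is bumped from 12 to 16 with no comment explaining where either number comes from, so the next change to the message framing can silently reintroduce the overflow this commit fixes. The commit message says the missing four bytes are the length prefix that precedes each message, so writing the constant as `#define MAX_INPUT_LEFT (4 + 12)` with a comment such as `/* 4-byte length prefix + largest partial message net_generic_read may carry over between reads */` ties the value to the buffer it sizes; the struct field that uses the macro lies outside the hunk, so that relation is inferred from the description. If a later refactor gives the reader an explicit buffer length, the assert added in net.c should compare against that length rather than this macro.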