Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Per Cederqvist
lyskom-server-ceder-1616-generations-topgit
Commits
53612c10
Commit
53612c10
authored
Jun 13, 1991
by
Per Cederqvist
Browse files
Fixed possible memory leak in mux_parse_string. This needs more work.
parent
13b4e7a1
Changes
1
Hide whitespace changes
Inline
Side-by-side
src/server/mux-parse.c
View file @
53612c10
...
...
@@ -7,6 +7,7 @@
#include
<stdarg.h>
#include
<string.h>
#include
"lyskomd.h"
#include
"s-string.h"
#include
<kom-types.h>
#include
"com.h"
#include
"connections.h"
...
...
@@ -19,7 +20,7 @@
#include
"mux-parse.h"
#include
"minmax.h"
#include
"config.h"
#include
<s-strin
g.h
>
#include
"lo
g.h
"
jmp_buf
mux_parse_env
;
...
...
@@ -64,7 +65,11 @@ mux_parse_long(Mux *mux)
/*
* Parse a string. At most 'maxlen' characters are allowed. If the
* mux sends a longer string only the first 'maxlen+1' characters
* are read. The following characters are discarded.
* are read. Any remaining characters are discarded.
*
* longjmp if not enough characters are available or if there
* is an error. Result is used to save state in that case.
* +++ Result should not be used to save state.
*/
static
void
mux_parse_string
(
Mux
*
mux
,
...
...
@@ -75,16 +80,16 @@ mux_parse_string(Mux *mux,
String_size
mux_len
;
/* The len the mux is sending. */
String_size
truncated_len
;
/* How much the server will receive. */
String_size
to_skip
;
String
tmp
;
static
u_long
err_cnt
=
0
;
switch
(
mux
->
parse
.
string_parse_pos
)
{
case
0
:
/* Get number and discard trailing 'H' */
result
->
len
=
s_strtol
(
s_fsubstr
(
mux
->
parse
.
unparsed
,
mux
->
parse
.
first_to_parse
,
END_OF_STRING
),
&
hptr
,
PROTOCOL_NUMBER_BASE
);
mux_
len
=
s_strtol
(
s_fsubstr
(
mux
->
parse
.
unparsed
,
mux
->
parse
.
first_to_parse
,
END_OF_STRING
),
&
hptr
,
PROTOCOL_NUMBER_BASE
);
if
(
hptr
==
-
1
||
mux
->
parse
.
first_to_parse
+
hptr
...
...
@@ -97,6 +102,8 @@ mux_parse_string(Mux *mux,
a) there is a trailing H
b) there was at least one digit before the H */
/* +++ Use s-string.c to extract the char. */
/* +++ Fix prot_a_parse_string also. */
if
(
mux
->
parse
.
unparsed
.
string
[
mux
->
parse
.
first_to_parse
+
hptr
]
!=
'H'
||
hptr
<=
0
)
...
...
@@ -111,8 +118,7 @@ mux_parse_string(Mux *mux,
/* Check that the entire string is transmitted. */
/* (Don't care about the trailing part that will be skipped if the
* string is longer than maxlen) */
truncated_len
=
min
(
maxlen
+
1
,
result
->
len
);
mux_len
=
result
->
len
;
truncated_len
=
min
(
maxlen
+
1
,
mux_len
);
if
(
mux
->
parse
.
first_to_parse
+
truncated_len
>
s_strlen
(
mux
->
parse
.
unparsed
)
)
...
...
@@ -120,35 +126,53 @@ mux_parse_string(Mux *mux,
longjmp
(
mux_parse_env
,
MUX_MSG_INCOMPLETE
);
}
result
->
string
=
(
mux
->
parse
.
unparsed
.
string
+
mux
->
parse
.
first_to_parse
);
result
->
len
=
truncated_len
;
tmp
=
EMPTY_STRING
;
s_strcpy
(
&
tmp
,
*
result
);
/* Copy the string. */
*
result
=
tmp
;
result
->
len
=
mux_len
;
if
(
(
result
->
len
!=
0
||
result
->
string
!=
NULL
)
&&
err_cnt
++
<
20
)
{
log
(
"mux_parse_string(): result->len == %lu, "
"result->string == %lu. This memory will not be free()'d.
\n
"
,
(
u_long
)
result
->
len
,
(
u_long
)
result
->
string
);
*
result
=
EMPTY_STRING
;
if
(
err_cnt
==
20
)
log
(
"Won't log the above warning no more."
);
}
s_mem_crea_str
(
result
,
mux
->
parse
.
unparsed
.
string
+
mux
->
parse
.
first_to_parse
,
truncated_len
);
mux
->
parse
.
first_to_parse
+=
truncated_len
;
mux
->
parse
.
string_parse_pos
=
2
;
result
->
len
=
mux_len
;
/* Can't transfer the local mux_len across
* call boundary. +++ There should be room
* for mux_len in the per-connection
* protocol data.
*/
/* Fall through */
case
2
:
/* Was the string too long? If so, skip the truncated data. */
mux_len
=
result
->
len
;
mux_len
=
result
->
len
;
/* +++ shouldn't modify ->len */
truncated_len
=
min
(
maxlen
+
1
,
result
->
len
);
if
(
mux_len
>
truncated_len
)
{
to_skip
=
min
(
mux_len
-
truncated_len
,
mux
->
parse
.
unparsed
.
len
-
mux
->
parse
.
first_to_parse
);
mux
->
parse
.
unparsed
.
len
-
mux
->
parse
.
first_to_parse
);
/* From now on, mux_len is length of result + numer of
chars to skip. Clean up this! +++
*/
mux_len
-=
to_skip
;
mux
->
parse
.
first_to_parse
+=
to_skip
;
}
result
->
len
=
mux_len
;
if
(
mux_len
>
truncated_len
)
{
/* +++ mux_len is transferred in result->len. */
longjmp
(
mux_parse_env
,
MUX_MSG_INCOMPLETE
);
}
/* Fall through */
default:
mux
->
parse
.
string_parse_pos
=
0
;
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment