Commit 5cba4e16 authored by Per Cederqvist's avatar Per Cederqvist

Fixed bug in prot_a_parse_string that sometimes caused it to try to allocate

4 Gbyte of memory.
parent ef8ea2ed
...@@ -103,6 +103,16 @@ prot_a_parse_string(Connection *client, ...@@ -103,6 +103,16 @@ prot_a_parse_string(Connection *client,
switch ( client->string_parse_pos ) switch ( client->string_parse_pos )
{ {
case 0: case 0:
if ( (result->len != 0 || result->string != NULL) && err_cnt++ < 20 )
{
log ("prot_a_parse_string(): result->len == %lu, "
"result->string == %lu. This memory will not be free()'d.\n",
(u_long)result->len, (u_long)result->string);
*result = EMPTY_STRING;
if ( err_cnt == 20 )
log("Won't log the above warning no more.");
}
/* Get number and discard trailing 'H' */ /* Get number and discard trailing 'H' */
client_len = s_strtol(s_fsubstr(client->unparsed, client_len = s_strtol(s_fsubstr(client->unparsed,
client->first_to_parse, client->first_to_parse,
...@@ -129,8 +139,10 @@ prot_a_parse_string(Connection *client, ...@@ -129,8 +139,10 @@ prot_a_parse_string(Connection *client,
client->first_to_parse += 1 + hptr; client->first_to_parse += 1 + hptr;
client->string_parse_pos = 1; client->string_parse_pos = 1;
result->len = client_len; /* +++ Transfer */
/* Fall through */ /* Fall through */
case 1: case 1:
client_len = result->len;
/* Check that the entire string is transmitted. */ /* Check that the entire string is transmitted. */
/* (Don't care about the trailing part that will be skipped if the /* (Don't care about the trailing part that will be skipped if the
* string is longer than maxlen) */ * string is longer than maxlen) */
...@@ -142,15 +154,7 @@ prot_a_parse_string(Connection *client, ...@@ -142,15 +154,7 @@ prot_a_parse_string(Connection *client,
longjmp(parse_env, ISC_MSG_INCOMPLETE); longjmp(parse_env, ISC_MSG_INCOMPLETE);
} }
if ( (result->len != 0 || result->string != NULL) && err_cnt++ < 20 ) *result = EMPTY_STRING;
{
log ("prot_a_parse_string(): result->len == %lu, "
"result->string == %lu. This memory will not be free()'d.\n",
(u_long)result->len, (u_long)result->string);
*result = EMPTY_STRING;
if ( err_cnt == 20 )
log("Won't log the above warning no more.");
}
s_mem_crea_str(result, s_mem_crea_str(result,
client->unparsed.string + client->first_to_parse, client->unparsed.string + client->first_to_parse,
...@@ -164,7 +168,7 @@ prot_a_parse_string(Connection *client, ...@@ -164,7 +168,7 @@ prot_a_parse_string(Connection *client,
/* Was the string too long? If so, skip the truncated data. */ /* Was the string too long? If so, skip the truncated data. */
client_len = result->len; client_len = result->len;
truncated_len = min(maxlen+1, result->len); truncated_len = min(maxlen+1, client_len);
if ( client_len > truncated_len ) if ( client_len > truncated_len )
{ {
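Review bot: The client-declared length is now parked in `result->len` at the end of case 0 and read back at the top of case 1, so a resumed parse is only correct if the caller hands in the same, untouched `result` after `longjmp(parse_env, ISC_MSG_INCOMPLETE)`; the resume marker `string_parse_pos` lives in the Connection, but the length does not. If any caller clears or swaps `result` between attempts (not visible here), case 1 continues with a length unrelated to what the client sent. Keeping the pending length in the Connection next to `string_parse_pos` would remove that coupling; at minimum replace `/* +++ Transfer */` with `/* Pending length is kept in result->len until case 1 resumes; callers must not touch *result in between. */`. Because the value comes straight from `s_strtol` on client data, it is also worth confirming that the lines elided between the first two hunks reject negative or out-of-range values before the store, since a negative value would, if the length field is unsigned, again look like a multi-gigabyte request. The body of prot_a_parse_string starts and ends outside the hunks shown.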