From 924d0ca7e4170da1e6e0b236fbce0ec2be1cc880 Mon Sep 17 00:00:00 2001
From: Per Cederqvist <ceder@lysator.liu.se>
Date: Fri, 26 Jul 1996 00:43:38 +0000
Subject: [PATCH] (accept_async): prot_a_parse_num_list sets data to NULL and
length to a non-zero value if the client sent a too big array. Check for
that condition instead of checking if the length was greater than
ay_dummy_last. Set kom_errno to KOM_LONG_ARRAY instead of
KOM_INDEX_OUT_OF_RANGE if the array was too big.
---
src/server/session.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/server/session.c b/src/server/session.c
index 2cf5a84a9..8e1293985 100644
--- a/src/server/session.c
+++ b/src/server/session.c
@@ -1,5 +1,5 @@
/*
- * $Id: session.c,v 0.30 1996/07/24 23:57:42 ceder Exp $
+ * $Id: session.c,v 0.31 1996/07/26 00:43:38 ceder Exp $
* Copyright (C) 1991, 1992, 1993, 1994 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
@@ -28,7 +28,7 @@
* Session control and miscellaneous.
*/
-static char *rcsid = "$Id: session.c,v 0.30 1996/07/24 23:57:42 ceder Exp $";
+static char *rcsid = "$Id: session.c,v 0.31 1996/07/26 00:43:38 ceder Exp $";
#include "rcs.h"
USE(rcsid);
@@ -766,9 +766,9 @@ accept_async(Number_list *num_list)
* Check agains maliciously long arrays
*/
- if (num_list->length > ay_dummy_last)
+ if (num_list->data == NULL && num_list->length > 0)
{
- kom_errno = KOM_INDEX_OUT_OF_RANGE;
+ kom_errno = KOM_LONG_ARRAY;
return FAILURE;
}
@@ -784,7 +784,8 @@ accept_async(Number_list *num_list)
/*
- * Enter the new accept list
+ * Enter the new accept list -- silently ignore requests for
+ * messages that this version of the server doesn't understand.
*/
for (i = 0; i < num_list->length; i++)
@@ -801,6 +802,7 @@ accept_async(Number_list *num_list)
extern Success
query_async(Number_list *result)
{
+ /* (This static buffer is mentioned in async.h). */
static long temp[ay_dummy_last];
int i;
--
GitLab