Commit 85c2b274 authored by Niels Möller's avatar Niels Möller

(do_read_line): Fixed buffer overrun bug,

initially reported by Bennett Todd. XXX Create testcase. Fix in
stable branch.

Rev: src/read_line.c:1.32
parent c2ee44fb
......@@ -55,7 +55,7 @@
static uint32_t
do_read_line(struct read_handler **h,
uint32_t available,
uint8_t *data /*, struct exception_handler *e */)
uint8_t *data)
{
CAST(read_line, self, *h);
......@@ -95,11 +95,12 @@ do_read_line(struct read_handler **h,
tail = eol - data; /* Excludes the newline character */
consumed = tail + 1; /* Includes newline character */
if ( (self->pos + consumed) > 255)
if ( (self->pos + consumed) > MAX_LINE)
{
/* Too long line */
EXCEPTION_RAISE(self->e,
make_protocol_exception(0, "Line too long."));
return available;
}
/* Ok, now we have a line. Copy it into the buffer. */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment