From a3e48b697fa664110567fcd0027d24ea5a239041 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 25 Mar 2010 08:03:37 +0100 Subject: bugfix(temporary): message-induced off-by-one error (potential segfault) Some types of malformed messages could trigger an off-by-one error (for example, \0 or \n as the last character, and generally control character escaption is questionable). This is due to not strictly following a the \0 or string counted string paradigm (during the last optimization on the cstring class). As a temporary fix, we have introduced a proper recalculation of the size. However, a final patch is expected in the future. See bug tracker for further details and when the final patch will be available: http://bugzilla.adiscon.com/show_bug.cgi?id=184 Note that the current patch is considered sufficient to solve the situation, but it requires a bit more runtime than desirable. --- runtime/msg.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 3a2331f4..2ce7843a 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -2319,6 +2319,12 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, *pPropLen = sizeof("**INVALID PROPERTY NAME**") - 1; return UCHAR_CONSTANT("**INVALID PROPERTY NAME**"); } + /* the following line fixes the symptom, but not the root cause -- at least MSG sometimes + * returns a size of one too less. To prevent all troubles, we recalculate the sizes based + * on what we actually got. TODO: remove once root cause is found. + * rgerhards, 2010-03-23 + */ + bufLen = ustrlen(pRes); /* If we did not receive a template pointer, we are already done... */ -- cgit v1.2.3 From 2cd132eebb84dbcffcf0c20b9354c14f797c29cd Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Wed, 7 Apr 2010 12:42:41 +0200 Subject: enhanced nettester tool so that it re-uses it's callers environment this enables us to work with the "usual" environment tweaks (for debugging and other purposes), without the need for any special handling in nettester itself --- runtime/msg.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'runtime/msg.c') diff --git a/runtime/msg.c b/runtime/msg.c index 2ce7843a..91057f97 100644 --- a/runtime/msg.c +++ b/runtime/msg.c @@ -2010,6 +2010,8 @@ finalize_it: /* set raw message in message object. Size of message is provided. + * The function makes sure that the stored rawmsg is properly + * terminated by '\0'. * rgerhards, 2009-06-16 */ void MsgSetRawMsg(msg_t *pThis, char* pszRawMsg, size_t lenMsg) @@ -2319,13 +2321,6 @@ uchar *MsgGetProp(msg_t *pMsg, struct templateEntry *pTpe, *pPropLen = sizeof("**INVALID PROPERTY NAME**") - 1; return UCHAR_CONSTANT("**INVALID PROPERTY NAME**"); } - /* the following line fixes the symptom, but not the root cause -- at least MSG sometimes - * returns a size of one too less. To prevent all troubles, we recalculate the sizes based - * on what we actually got. TODO: remove once root cause is found. - * rgerhards, 2010-03-23 - */ - bufLen = ustrlen(pRes); - /* If we did not receive a template pointer, we are already done... */ if(pTpe == NULL) { -- cgit v1.2.3