authorRichard Nyberg <rnyberg@murmeldjur.se>2005-07-07 12:55:44 +0000
committerRichard Nyberg <rnyberg@murmeldjur.se>2005-07-07 12:55:44 +0000
commitf8a4999e4078d47da3196041e13952d7243fe0f5 (patch)
tree25bf2dc86f7f2581718f1369deef8a13bc82e49d
parent051b1b4e2a77e4f6c2e2079404fef7fc6dac9854 (diff)
The generic reader didn't have a buffer that was large enough to
save incomplete messages. I had forgotten about the four bytes of
message length preceding the message. A buffer overflow could occur
because of this. Ouch!

-rw-r--r--btpd/net.c1
-rw-r--r--btpd/net.h2
2 files changed, 2 insertions, 1 deletions
diff --git a/btpd/net.c b/btpd/net.c
index 6d1d220..e627378 100644
--- a/btpd/net.c
+++ b/btpd/net.c
@@ -766,6 +766,7 @@ net_generic_read(struct peer *p, unsigned long rmax)
     }
     if (off != len) {
 	gr->iob.buf_off = len - off;
+        assert(gr->iob.buf_off <= gr->iob.buf_len);
 	bcopy(buf + off, gr->iob.buf, gr->iob.buf_off);
     }
     event_add(&p->in_ev, NULL);
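Review bot: The new `assert(gr->iob.buf_off <= gr->iob.buf_len)` only guards the `bcopy` in builds where NDEBUG is not defined; in a release build the check vanishes and an oversized `len - off` would still be copied into `gr->iob.buf`. Since `buf_len` is evidently available at runtime here, a real bound check that rejects the input (and disconnects the peer, via whatever error path net_generic_read already uses — that path is outside the hunk) would be the robust form, with the assert kept as a debug aid: `if (gr->iob.buf_off > gr->iob.buf_len) { /* protocol violation: too much pending input; bail out via the function's error path */ }`. As it stands the buffer-size bump in net.h is the only thing actually preventing the overflow, so the assert is a detector, not a fix. The body of net_generic_read begins before this hunk.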
diff --git a/btpd/net.h b/btpd/net.h
index 5a2c704..7216362 100644
--- a/btpd/net.h
+++ b/btpd/net.h
@@ -65,7 +65,7 @@ struct handshake {
     char _io_buf[SHAKE_LEN];
 };
 
-#define MAX_INPUT_LEFT 12
+#define MAX_INPUT_LEFT 16
 
 struct generic_reader {
     struct input_reader rd;
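Review bot: The new value `16` is a bare magic number and the commit message is the only place that explains why it is 4 larger than before; the next reader has no way to tell that the 4-byte message-length prefix is included. I'd make the derivation visible at the definition, e.g. `#define MAX_INPUT_LEFT (4 + 12) /* 4-byte length prefix + largest partial message body kept between reads; see commit message */`, or at least a comment naming the length prefix. If the 12 itself is tied to a particular message size that is defined elsewhere, referencing that definition here would keep the two from drifting apart again (I cannot see from this hunk where the 12 comes from). The `struct generic_reader` definition continues past the end of the hunk.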