From 28dff2287e42c8b83eda2abb95667b4596dc994b Mon Sep 17 00:00:00 2001 From: Michael Graff Date: Mon, 17 Jan 2000 23:43:31 +0000 Subject: [PATCH] more checks against the length of the packet --- lib/lwres/lwres_gabn.c | 8 +++++++- lib/lwres/lwres_gnba.c | 19 ++++++++++++++++--- lib/lwres/lwres_noop.c | 12 ++++++++++++ 3 files changed, 35 insertions(+), 4 deletions(-) diff --git a/lib/lwres/lwres_gabn.c b/lib/lwres/lwres_gabn.c index 4fdfd1fa2d..8ae3c17a22 100644 --- a/lib/lwres/lwres_gabn.c +++ b/lib/lwres/lwres_gabn.c @@ -196,6 +196,9 @@ lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_lwpacket_t *pkt, if (ret != 0) return (ret); + if (LWRES_BUFFER_REMAINING(b) != 0) + return (-1); + gabn = CTXMALLOC(sizeof(lwres_gabnrequest_t)); if (gabn == NULL) return (-1); @@ -279,7 +282,10 @@ lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_lwpacket_t *pkt, goto out; } - /* XXXMLG Should check for trailing bytes */ + if (LWRES_BUFFER_REMAINING(b) != 0) { + ret = -1; + goto out; + } *structp = gabn; return (0); diff --git a/lib/lwres/lwres_gnba.c b/lib/lwres/lwres_gnba.c index 07aa2f9816..eeecc77b7d 100644 --- a/lib/lwres/lwres_gnba.c +++ b/lib/lwres/lwres_gnba.c @@ -134,7 +134,6 @@ lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, } /* encode naliases */ - INSIST(SPACE_OK(b, sizeof(isc_uint16_t) * 2)); lwres_buffer_putuint16(b, req->naliases); @@ -178,10 +177,21 @@ lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_lwpacket_t *pkt, ret = lwres_addr_parse(b, &gnba->addr); if (ret != 0) - return (ret); + goto out; + + if (LWRES_BUFFER_REMAINING(b) != 0) { + ret = -1; + goto out; + } *structp = gnba; return (0); + + out: + if (gnba != NULL) + lwres_gnbarequest_free(ctx, &gnba); + + return (ret); } int @@ -238,7 +248,10 @@ lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_lwpacket_t *pkt, goto out; } - /* XXXMLG Should check for trailing bytes */ + if (LWRES_BUFFER_REMAINING(b) != 0) { + ret = -1; + goto out; + } *structp = gnba; return (0); diff --git a/lib/lwres/lwres_noop.c b/lib/lwres/lwres_noop.c index 0cdf2e76b4..c1ec53bcef 100644 --- a/lib/lwres/lwres_noop.c +++ b/lib/lwres/lwres_noop.c @@ -164,6 +164,12 @@ lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, goto out; } req->data = b->base + b->current; + lwres_buffer_forward(b, req->datalength); + + if (LWRES_BUFFER_REMAINING(b) != 0) { + ret = -1; + goto out; + } /* success! */ *structp = req; @@ -206,6 +212,12 @@ lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, } req->data = b->base + b->current; + lwres_buffer_forward(b, req->datalength); + if (LWRES_BUFFER_REMAINING(b) != 0) { + ret = -1; + goto out; + } + /* success! */ *structp = req; return (0);