9p message size too small

various fileservers do not check if the message size is too small (they subtract IOHDRSZ later from it to calculate iounit) which can overflow.
author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-01-30 06:28:42 +0100
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-01-30 06:28:42 +0100
commit: 3787f721c1efe19c0502dc7e429459804100757d (patch)
tree: 2f13a3f87496668b131eff4025d62b8dfdf4ac2e /sys/src/cmd/bzfs
parent: dbbbff89151794c838319e831254bcff6b3dbbcf (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/src/cmd/bzfs/oramfs.c b/sys/src/cmd/bzfs/oramfs.c
index cba02724a..7f5d686d8 100644
--- a/sys/src/cmd/bzfs/oramfs.c
+++ b/sys/src/cmd/bzfs/oramfs.c
@@ -221,6 +221,8 @@ rversion(Fid*)
 	for(f = fids; f; f = f->next)
 		if(f->busy)
 			rclunk(f);
+	if(thdr.msize < 256)
+		return "message size too small";
 	if(thdr.msize > sizeof mdata)
 		rhdr.msize = sizeof mdata;
 	else
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-01-30 06:28:42 +0100
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-01-30 06:28:42 +0100
commit	3787f721c1efe19c0502dc7e429459804100757d (patch)
tree	2f13a3f87496668b131eff4025d62b8dfdf4ac2e /sys/src/cmd/bzfs
parent	dbbbff89151794c838319e831254bcff6b3dbbcf (diff)