diff options
| author | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-01-30 06:28:42 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-01-30 06:28:42 +0100 |
| commit | 3787f721c1efe19c0502dc7e429459804100757d (patch) | |
| tree | 2f13a3f87496668b131eff4025d62b8dfdf4ac2e /sys/src/cmd/ip/ftpfs/ftpfs.c | |
| parent | dbbbff89151794c838319e831254bcff6b3dbbcf (diff) | |
9p message size too small
various fileservers do not check if the message size is too small
(they subtract IOHDRSZ later from it to calculate iounit) which
can overflow.
Diffstat (limited to 'sys/src/cmd/ip/ftpfs/ftpfs.c')
| -rw-r--r-- | sys/src/cmd/ip/ftpfs/ftpfs.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/src/cmd/ip/ftpfs/ftpfs.c b/sys/src/cmd/ip/ftpfs/ftpfs.c index 17e0df7b4..5d6f35b2e 100644 --- a/sys/src/cmd/ip/ftpfs/ftpfs.c +++ b/sys/src/cmd/ip/ftpfs/ftpfs.c @@ -304,11 +304,13 @@ rnop(Fid *f) char* rversion(Fid*) { - if(thdr.msize > sizeof(mdata)) - rhdr.msize = messagesize; + if(thdr.msize < 256) + return "version: message size too small"; + if(thdr.msize > sizeof mdata) + rhdr.msize = sizeof mdata; else rhdr.msize = thdr.msize; - messagesize = thdr.msize; + messagesize = rhdr.msize; if(strncmp(thdr.version, "9P2000", 6) != 0) return "unknown 9P version"; |