diff options
| author | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-01-30 06:28:42 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2013-01-30 06:28:42 +0100 |
| commit | 3787f721c1efe19c0502dc7e429459804100757d (patch) | |
| tree | 2f13a3f87496668b131eff4025d62b8dfdf4ac2e /sys/src/cmd/vnc | |
| parent | dbbbff89151794c838319e831254bcff6b3dbbcf (diff) | |
9p message size too small
various fileservers do not check if the message size is too small
(they subtract IOHDRSZ later from it to calculate iounit) which
can overflow.
Diffstat (limited to 'sys/src/cmd/vnc')
| -rw-r--r-- | sys/src/cmd/vnc/exportfs.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/src/cmd/vnc/exportfs.c b/sys/src/cmd/vnc/exportfs.c index 4948016d4..a2feb83ae 100644 --- a/sys/src/cmd/vnc/exportfs.c +++ b/sys/src/cmd/vnc/exportfs.c @@ -503,6 +503,8 @@ Exputfid(Export *fs, Fid *f) static char* Exversion(Export *fs, Fcall *rpc, uchar *) { + if(rpc->msize < 256) + return "version: message size too small"; if(rpc->msize > Maxrpc) rpc->msize = Maxrpc; if(strncmp(rpc->version, "9P", 2) != 0){ |