lib9p: fix zero msize abort() due to unknown version (thanks kivik)

kivik wrote: I've found a nasty bug in lib9p handling of Tversion messages, where an invalid version string in the request leads to servers abort()ing the spaceship. To reproduce: ; ramfs -S ram ; aux/9pcon /srv/ram Tversion ~0 DIE The issue lies in sversion() where in case an invalid version string is received we respond right away with ofcall.version="unknown"; however, we fail to set the ofcall.msize, which at this point is cleared to 0. This causes the convS2M call in respond() to fail and abort being called.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2019-03-01 01:43:55 +0100
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2019-03-01 01:43:55 +0100
commit: 0aac600fb3b659b5b9a2a8aaefb821774cf38bd2 (patch)
tree: 07847b766b6462f8f5018a36008cb09a45c7f99c /sys/src/lib9p
parent: 967b1248f82e5f64eab4dbf45898a37851b71fa2 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/src/lib9p/srv.c b/sys/src/lib9p/srv.c
index 9090b1a52..207c88f61 100644
--- a/sys/src/lib9p/srv.c
+++ b/sys/src/lib9p/srv.c
@@ -172,6 +172,7 @@ sversion(Srv *srv, Req *r)
 	}
 	if(strncmp(r->ifcall.version, "9P", 2) != 0){
 		r->ofcall.version = "unknown";
+		r->ofcall.msize = 256;
 		respond(r, nil);
 		return;
 	}
author	cinap_lenrek <cinap_lenrek@felloff.net>	2019-03-01 01:43:55 +0100
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2019-03-01 01:43:55 +0100
commit	0aac600fb3b659b5b9a2a8aaefb821774cf38bd2 (patch)
tree	07847b766b6462f8f5018a36008cb09a45c7f99c /sys/src/lib9p
parent	967b1248f82e5f64eab4dbf45898a37851b71fa2 (diff)