From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 1 Nov 2021 07:28:18 +0000 (+0100)
Subject: Do not read further than the length we received, the string might
X-Git-Tag: rec-4.6.0-beta1~17^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10930%2Fhead;p=thirdparty%2Fpdns.git

Do not read further than the length we received, the string might
be followed by a passed fd.

Interesting to see that OpenBSD chops up recvs based on the sends,
while Linux is happy to read more than was passed to the corresponding
send call if another send was called after that.
---

diff --git a/pdns/rec_channel.cc b/pdns/rec_channel.cc
index 4f8742022c..b288abe832 100644
--- a/pdns/rec_channel.cc
+++ b/pdns/rec_channel.cc
@@ -171,7 +171,8 @@ RecursorControlChannel::Answer RecursorControlChannel::recv(int fd, unsigned int
   str.reserve(len);
   while (str.length() < len) {
     char buffer[1024];
-    ssize_t recvd = ::recv(fd, buffer, sizeof(buffer), 0);
+    size_t toRead = std::min(len - str.length(), sizeof(buffer));
+    ssize_t recvd = ::recv(fd, buffer, toRead, 0);
     if (recvd <= 0) {
       // EOF means we have a length error
       throw PDNSException("Unable to receive message over control channel: " + stringerror());