(set_input_fragment): Only recognize zero length fragments as invalid.

diff --git a/sunrpc/xdr_rec.c b/sunrpc/xdr_rec.c
index b7d5388d2242bdfa3581b9490fc09c7995d42b16..08f6f65f9ba9644a134c00048c8419a6108dc865 100644 (file)
--- a/sunrpc/xdr_rec.c
+++ b/sunrpc/xdr_rec.c
@@ -539,23 +539,26 @@ get_input_bytes(rstrm, addr, len)
 }
 
 static bool_t  /* next two bytes of the input stream are treated as a header */
-set_input_fragment(rstrm)
-       register RECSTREAM *rstrm;
+set_input_fragment (RECSTREAM *rstrm)
 {
-       u_long header;
-
-       if (! get_input_bytes(rstrm, (caddr_t)&header, BYTES_PER_XDR_UNIT))
-               return FALSE;
-       header = ntohl(header);
-       rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
-       /*
-        * Sanity check. Try not to accept wildly incorrect
-        * record sizes.
-        */
-       if ((header & (~LAST_FRAG)) > rstrm->recvsize)
-         return(FALSE);
-       rstrm->fbtbc = header & ~LAST_FRAG;
-       return TRUE;
+  u_long header;
+
+  if (! get_input_bytes (rstrm, (caddr_t)&header, BYTES_PER_XDR_UNIT))
+    return FALSE;
+  header = ntohl (header);
+  rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
+  /*
+   * Sanity check. Try not to accept wildly incorrect
+   * record sizes. Unfortunately, the only record size
+   * we can positively identify as being 'wildly incorrect'
+   * is zero. Ridiculously large record sizes may look wrong,
+   * but we don't have any way to be certain that they aren't
+   * what the client actually intended to send us.
+   */
+  if ((header & (~LAST_FRAG)) == 0)
+    return FALSE;
+  rstrm->fbtbc = header & ~LAST_FRAG;
+  return TRUE;
 }
 
 static bool_t  /* consumes input bytes; knows nothing about records! */