arrays eat up the rest of the struct
authorAlan T. DeKok <aland@freeradius.org>
Thu, 17 Mar 2022 12:04:09 +0000 (08:04 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 17 Mar 2022 14:46:53 +0000 (10:46 -0400)
and avoid overflow in length checks.

and assert that single values we're decoding manually aren't arrays,
because we need extra code to handle that.

src/lib/util/struct.c

index 8e1a8f8a231a68eb60b97d2d43bb8770cce15b2c..372351a61511608fd47d0fbb062049177dc6c984 100644 (file)
@@ -242,12 +242,16 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out,
                 *      If this field overflows the input, then *all*
                 *      of the input is suspect.
                 */
-               if ((p + child_length) > end) {
+               if (child_length > (size_t) (end - p)) {
                        FR_PROTO_TRACE("fr_struct_from_network - child length %zd overflows buffer", child_length);
                        goto unknown;
                }
 
-               if (!child_length) child_length = (end - p);
+               /*
+                *      The child is variable sized, OR it's an array.
+                *      Eat up the rest of the data.
+                */
+               if (!child_length || (child->flags.array)) child_length = (end - p);
 
                /*
                 *      Magic values get the callback called.
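Review bot: The array branch at `if (!child_length || (child->flags.array)) child_length = (end - p);` takes every remaining byte without checking that the remainder is a whole number of elements. Assuming `child_length` holds the per-element size for a fixed-size array (not visible in the hunk), a truncated trailing element from the network is handed on as part of the array. Unless the decoder further down rejects it, a guard before the assignment such as `if (child->flags.array && child_length && ((size_t) (end - p) % child_length)) goto unknown;` would keep malformed input on the `unknown` path. The new bounds check `child_length > (size_t) (end - p)` also depends on `p <= end` holding here, which cannot be confirmed because the loop begins outside the hunk; a one-line comment stating that invariant would help.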
@@ -283,6 +287,11 @@ ssize_t fr_struct_from_network(TALLOC_CTX *ctx, fr_pair_list_t *out,
                        break;
                }
 
+               /*
+                *      We don't handle this yet here.
+                */
+               fr_assert(!child->flags.array);
+
                vp = fr_pair_afrom_da(child_ctx, child);
                if (!vp) {
                        FR_PROTO_TRACE("fr_struct_from_network - failed allocating child VP");
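Review bot: `fr_assert(!child->flags.array);` is the only guard against decoding an array field as a single value on this path, and if `fr_assert` compiles to nothing in release builds (its definition is not visible here) production has no guard at all. The function already has an `unknown` label for data it cannot decode, so a runtime check such as `if (child->flags.array) goto unknown;` would fail closed in every build. The comment `We don't handle this yet here.` would be clearer as `/* Arrays need per-element decoding, which this manual path does not implement. */`. The enclosing loop and the `unknown` label lie outside the hunk, so confirm the jump is valid from this point.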