Before this patch libkrad would always subtract the existing buffer
length from pktlen before passing it to recv(). In the case of stream
sockets, this is incorrect since krad_packet_bytes_needed() already
performs this calculation. Subtracting the buffer length twice could
cause integer underflow on the len parameter to recv().
ticket: 8430 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
request *tmp, *r;
int i;
- pktlen = sizeof(rr->buffer_);
+ pktlen = sizeof(rr->buffer_) - rr->buffer.length;
if (rr->info->ai_socktype == SOCK_STREAM) {
pktlen = krad_packet_bytes_needed(&rr->buffer);
if (pktlen < 0) {
/* Read the packet. */
i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
- pktlen - rr->buffer.length, 0);
+ pktlen, 0);
if (i < 0) {
/* Should we try again? */
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
projects / thirdparty / krb5.git / commitdiff
