From: Ulrich Drepper
Date: Tue, 7 Jul 1998 12:01:46 +0000 (+0000)
Subject: (set_input_fragment): Only recognize zero length fragments as invalid.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0078b1dd3d18c16a2ed031c135eebe21d54a8a01;p=thirdparty%2Fglibc.git

(set_input_fragment): Only recognize zero length fragments as invalid.
---
diff --git a/sunrpc/xdr_rec.c b/sunrpc/xdr_rec.c
index b7d5388d224..08f6f65f9ba 100644
--- a/sunrpc/xdr_rec.c
+++ b/sunrpc/xdr_rec.c
@@ -539,23 +539,26 @@ get_input_bytes(rstrm, addr, len)
 }
 
 static bool_t /* next two bytes of the input stream are treated as a header */
-set_input_fragment(rstrm)
- register RECSTREAM *rstrm;
+set_input_fragment (RECSTREAM *rstrm)
 {
- u_long header;
-
- if (! get_input_bytes(rstrm, (caddr_t)&header, BYTES_PER_XDR_UNIT))
- return FALSE;
- header = ntohl(header);
- rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
- /*
- * Sanity check. Try not to accept wildly incorrect
- * record sizes.
- */
- if ((header & (~LAST_FRAG)) > rstrm->recvsize)
- return(FALSE);
- rstrm->fbtbc = header & ~LAST_FRAG;
- return TRUE;
+ u_long header;
+
+ if (! get_input_bytes (rstrm, (caddr_t)&header, BYTES_PER_XDR_UNIT))
+ return FALSE;
+ header = ntohl (header);
+ rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
+ /*
+ * Sanity check. Try not to accept wildly incorrect
+ * record sizes. Unfortunately, the only record size
+ * we can positively identify as being 'wildly incorrect'
+ * is zero. Ridiculously large record sizes may look wrong,
+ * but we don't have any way to be certain that they aren't
+ * what the client actually intended to send us.
+ */
+ if ((header & (~LAST_FRAG)) == 0)
+ return FALSE;
+ rstrm->fbtbc = header & ~LAST_FRAG;
+ return TRUE;
 }
 
 static bool_t /* consumes input bytes; knows nothing about records! */
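Review bot: With the `> rstrm->recvsize` comparison removed, `rstrm->fbtbc` is taken straight from the peer's header and may be any non-zero value up to the full width of the length field, so every consumer has to treat it as an untrusted count. I would state that next to the assignment, e.g. `/* fbtbc is peer-supplied and unbounded here; never size a buffer or a loop from it without a caller-side limit. */`. The new test `(header & (~LAST_FRAG)) == 0` also fails the stream for an empty fragment that carries LAST_FRAG; if peers are expected to close a record that way, `if (header == 0) return FALSE;` would refuse only the empty non-final case, provided the readers outside this hunk cope with a zero count on the last fragment. Separately, `header` is a `u_long` filled with only BYTES_PER_XDR_UNIT bytes, so wherever `u_long` is wider than that the remaining bytes are uninitialized when `ntohl (header)` reads it; a 32-bit unsigned type for `header` would avoid this.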