Don't read uninitialized memory in client packet length check
authorMiroslav Lichvar <mlichvar@redhat.com>
Tue, 21 Jan 2014 17:45:56 +0000 (18:45 +0100)
committerMiroslav Lichvar <mlichvar@redhat.com>
Fri, 24 Jan 2014 15:53:32 +0000 (16:53 +0100)
Before calling PKL_ReplyLength(), check that the packet has a full header.
This didn't change the outcome of the test if the packet was shorter, as
the invalid result from PKL_ReplyLength() was either larger than the length
of the packet or smaller than the header length, failing the length check in
both cases.

client.c

index 8ce3f45718e1497f34db098e78c7f4479520aad8..b0939a27ab382e8cdb3c20272c281e65de9b758a 100644 (file)
--- a/client.c
+++ b/client.c
@@ -1366,7 +1366,11 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
       } else {
         
         read_length = recvfrom_status;
-        expected_length = PKL_ReplyLength(reply);
+        if (read_length >= offsetof(CMD_Reply, data)) {
+          expected_length = PKL_ReplyLength(reply);
+        } else {
+          expected_length = 0;
+        }
 
         bad_length = (read_length < expected_length ||
                       expected_length < offsetof(CMD_Reply, data));
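Review bot: The short-packet branch rejects the reply only indirectly: `expected_length = 0` works because the `bad_length` expression that follows tests `expected_length < offsetof(CMD_Reply, data)`, and nothing at the assignment says so. A comment such as `/* header incomplete: 0 fails the offsetof() test below, so the reply is rejected without reading header fields */` would keep a later edit of the `bad_length` test from reopening the uninitialized read. Separately, the declaration of `read_length` is outside the hunk; if it is a signed int, `read_length >= offsetof(CMD_Reply, data)` is evaluated in size_t, so the guard presumably relies on the branch before `} else {` having already excluded a negative `recvfrom_status`, which is worth confirming. The body of submit_request starts and ends outside the hunk.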