aboutsummaryrefslogtreecommitdiff
path: root/sunrpc
diff options
context:
space:
mode:
authorAndreas Jaeger <aj@suse.de>2000-06-25 08:45:34 +0000
committerAndreas Jaeger <aj@suse.de>2000-06-25 08:45:34 +0000
commite4f87c78605244c3b805fc5905002826b2a30eab (patch)
tree4312009a205ed3f1eb394e87cf8132770b73f0ec /sunrpc
parent0ea5f1b861e6645a77be180b50391a2dd0ebaefb (diff)
downloadglibc-e4f87c78605244c3b805fc5905002826b2a30eab.zip
glibc-e4f87c78605244c3b805fc5905002826b2a30eab.tar.gz
glibc-e4f87c78605244c3b805fc5905002826b2a30eab.tar.bz2
* xdr_rec.c (set_input_fragment) Fix PR libc/1549, patch from Jens Moeller <jens.moeller@waii.com>.
Diffstat (limited to 'sunrpc')
-rw-r--r--sunrpc/xdr_rec.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/sunrpc/xdr_rec.c b/sunrpc/xdr_rec.c
index 675eaac..a3b90ce 100644
--- a/sunrpc/xdr_rec.c
+++ b/sunrpc/xdr_rec.c
@@ -605,14 +605,16 @@ set_input_fragment (RECSTREAM *rstrm)
header = ntohl (header);
rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
/*
- * Sanity check. Try not to accept wildly incorrect
- * record sizes. Unfortunately, the only record size
- * we can positively identify as being 'wildly incorrect'
- * is zero. Ridiculously large record sizes may look wrong,
- * but we don't have any way to be certain that they aren't
- * what the client actually intended to send us.
+ * Sanity check. Try not to accept wildly incorrect fragment
+ * sizes. Unfortunately, only a size of zero can be identified as
+ * 'wildely incorrect', and this only, if it is not the last
+ * fragment of a message. Ridiculously large fragment sizes may look
+ * wrong, but we don't have any way to be certain that they aren't
+ * what the client actually intended to send us. Many existing RPC
+ * implementations may sent a fragment of size zero as the last
+ * fragment of a message.
*/
- if ((header & (~LAST_FRAG)) == 0)
+ if (header == 0)
return FALSE;
rstrm->fbtbc = header & ~LAST_FRAG;
return TRUE;