From 3c82c131d9d101248892d2b4579297bab3a31a4d Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Fri, 3 Sep 2004 03:39:45 +0000 Subject: (nscd_run): Check early for invalid request types. --- nscd/connections.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'nscd') diff --git a/nscd/connections.c b/nscd/connections.c index c310081..53e258b 100644 --- a/nscd/connections.c +++ b/nscd/connections.c @@ -786,6 +786,10 @@ nscd_run (void *p) continue; } + /* Check whether this is a valid request type. */ + if (req.type < GETPWBYNAME || req.type >= LASTREQ) + goto close_and_out; + /* Some systems have no SO_PEERCRED implementation. They don't care about security so we don't as well. */ #ifdef SO_PEERCRED @@ -798,8 +802,7 @@ nscd_run (void *p) { dbg_log (_("error getting callers id: %s"), strerror_r (errno, buf, sizeof (buf))); - close (fd); - continue; + goto close_and_out; } if (req.type < GETPWBYNAME || req.type > LASTDBREQ @@ -825,8 +828,6 @@ nscd_run (void *p) { if (debug_level > 0) dbg_log (_("key length in request too long: %d"), req.key_len); - close (fd); - continue; } else { @@ -859,11 +860,12 @@ handle_request: request received (Version = %d)"), req.version); /* Phew, we got all the data, now process it. */ handle_request (fd, &req, keybuf, uid); - - /* We are done. */ - close (fd); } + close_and_out: + /* We are done. */ + close (fd); + /* Just determine whether any data is present. We do this to measure whether clients are queued up. */ try_get: -- cgit v1.1