diff options
author | Andreas Jaeger <aj@suse.de> | 2000-06-25 08:45:34 +0000 |
---|---|---|
committer | Andreas Jaeger <aj@suse.de> | 2000-06-25 08:45:34 +0000 |
commit | e4f87c78605244c3b805fc5905002826b2a30eab (patch) | |
tree | 4312009a205ed3f1eb394e87cf8132770b73f0ec /sunrpc/xdr_rec.c | |
parent | 0ea5f1b861e6645a77be180b50391a2dd0ebaefb (diff) | |
download | glibc-e4f87c78605244c3b805fc5905002826b2a30eab.tar.gz |
* xdr_rec.c (set_input_fragment) Fix PR libc/1549, patch from Jens Moeller <jens.moeller@waii.com>.
Diffstat (limited to 'sunrpc/xdr_rec.c')
-rw-r--r-- | sunrpc/xdr_rec.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sunrpc/xdr_rec.c b/sunrpc/xdr_rec.c index 675eaacc15..a3b90ce41c 100644 --- a/sunrpc/xdr_rec.c +++ b/sunrpc/xdr_rec.c @@ -605,14 +605,16 @@ set_input_fragment (RECSTREAM *rstrm) header = ntohl (header); rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE; /* - * Sanity check. Try not to accept wildly incorrect - * record sizes. Unfortunately, the only record size - * we can positively identify as being 'wildly incorrect' - * is zero. Ridiculously large record sizes may look wrong, - * but we don't have any way to be certain that they aren't - * what the client actually intended to send us. + * Sanity check. Try not to accept wildly incorrect fragment + * sizes. Unfortunately, only a size of zero can be identified as + * 'wildely incorrect', and this only, if it is not the last + * fragment of a message. Ridiculously large fragment sizes may look + * wrong, but we don't have any way to be certain that they aren't + * what the client actually intended to send us. Many existing RPC + * implementations may sent a fragment of size zero as the last + * fragment of a message. */ - if ((header & (~LAST_FRAG)) == 0) + if (header == 0) return FALSE; rstrm->fbtbc = header & ~LAST_FRAG; return TRUE; |