* mpicoder.c (mpi_read): If we must fail due to a oversize (generally

corrupt) MPI, make sure the number of bytes we read is valid so we can skip the rest of the bad packet (in hopes the whole stream isn't invalid).
2024-06-26 01:52:45 +02:00 · 2004-09-30 04:07:23 +00:00 · 2004-09-30 04:07:23 +00:00 · ec0cc1f135
commit ec0cc1f135
parent 742682bf95
2 changed files with 9 additions and 1 deletions
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@ -1,3 +1,10 @@
+2004-09-29  David Shaw  <dshaw@jabberwocky.com>
+
+	* mpicoder.c (mpi_read): If we must fail due to a oversize
+	(generally corrupt) MPI, make sure the number of bytes we read is
+	valid so we can skip the rest of the bad packet (in hopes the
+	whole stream isn't invalid).
+
 2004-05-20  David Shaw  <dshaw@jabberwocky.com>

 	* longlong.h: Typo.
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@ -80,15 +80,16 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)

    if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
    nbits = c << 8;
    if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
    nbits |= c;
    if( nbits > MAX_EXTERN_MPI_BITS ) {
 	log_error("mpi too large (%u bits)\n", nbits);
 	goto leave;
    }
-    nread = 2;

    nbytes = (nbits+7) / 8;
    nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;