# HG changeset patch
# User Sebastien Decugis
# Date 1360690953 -3600
# Node ID cb439d57d0c5206d68751a2154d5ce1f5299c0c2
# Parent b1776283d69e1ffba750e1f23e78cef3de1a86f9
Fix parsing of incoming AVPs with 0-byte length at the end of the message
diff -r b1776283d69e -r cb439d57d0c5 libfdproto/messages.c
--- a/libfdproto/messages.c Tue Feb 12 18:19:19 2013 +0100
+++ b/libfdproto/messages.c Tue Feb 12 18:42:33 2013 +0100
@@ -1652,7 +1652,7 @@
 while (offset < buflen) {
 struct avp * avp;
- if (buflen - offset <= AVPHDRSZ_NOVEND) {
+ if (buflen - offset < AVPHDRSZ_NOVEND) {
 TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes", buflen - offset);
 return EBADMSG;
 }
@@ -1670,7 +1670,7 @@
 offset += 8;
 if (avp->avp_public.avp_flags & AVP_FLAG_VENDOR) {
- if (buflen - offset <= 4) {
+ if (buflen - offset < 4) {
 TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes for vendor and data", buflen - offset);
 free(avp);
 return EBADMSG;
@@ -1680,7 +1680,8 @@
 }
 /* Check there is enough remaining data in the buffer */
- if (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags)) {
+ if ( (avp->avp_public.avp_len > GETAVPHDRSZ(avp->avp_public.avp_flags))
+ && (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags))) {
 TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes for data, and avp data size is %d", buflen - offset, avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags));
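Review bot: The relaxed bound in the first hunk (`< AVPHDRSZ_NOVEND`) admits an AVP whose header is the last thing in the buffer, but neither this hunk nor the second one checks that the avp_len decoded from that header is at least the header size, and the third hunk now skips the remaining-data comparison whenever avp_len is not larger than GETAVPHDRSZ(). An incoming AVP advertising a length of 0 or 4 therefore passes all three checks in this loop; whether the code that advances offset past the AVP (outside the visible hunks) rejects it cannot be seen here. If no such check exists, one guard placed where the header fields have been decoded, presumably between the first and second hunks, closes it: `if (avp->avp_public.avp_len < GETAVPHDRSZ(avp->avp_public.avp_flags)) { free(avp); return EBADMSG; }`. The second hunk keeps the literal `4` (next to the context line `offset += 8`) while the first hunk uses the named AVPHDRSZ_NOVEND; a named constant for the vendor-id size would keep the two truncation checks readable together. The enclosing parsing function starts before the first hunk and continues past the last.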