changeset 920:cb439d57d0c5

Fix parsing of incoming AVPs with 0-byte length at the end of the message
author Sebastien Decugis <sdecugis@freediameter.net>
date Tue, 12 Feb 2013 18:42:33 +0100
parents b1776283d69e
children a0ab56aa089f
files libfdproto/messages.c
diffstat 1 files changed, 4 insertions(+), 3 deletions(-) [+]
--- a/libfdproto/messages.c	Tue Feb 12 18:19:19 2013 +0100
+++ b/libfdproto/messages.c	Tue Feb 12 18:42:33 2013 +0100
@@ -1652,7 +1652,7 @@
 	while (offset < buflen) {
 		struct avp * avp;
 		
-		if (buflen - offset <= AVPHDRSZ_NOVEND) {
+		if (buflen - offset < AVPHDRSZ_NOVEND) {
 			TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes", buflen - offset);
 			return EBADMSG;
 		}
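Review bot: The relaxed boundary tests (`< AVPHDRSZ_NOVEND` here and `< 4` in the vendor branch of the next hunk) have no comment explaining why equality is now accepted, so a later edit could tighten them back to `<=`. Add a comment above each, for example `/* an AVP may carry zero bytes of data, so exactly one header's worth of remaining bytes is valid */`. Separately, the trace calls print `buflen - offset` with `%d`; the variables are declared outside the hunk, so confirm their type, and use `%zu` if they are `size_t`. The enclosing `while` loop begins before this hunk and continues past it.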
@@ -1670,7 +1670,7 @@
 		offset += 8;
 		
 		if (avp->avp_public.avp_flags & AVP_FLAG_VENDOR) {
-			if (buflen - offset <= 4) {
+			if (buflen - offset < 4) {
 				TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes for vendor and data", buflen - offset);
 				free(avp);
 				return EBADMSG;
@@ -1680,7 +1680,8 @@
 		}
 		
 		/* Check there is enough remaining data in the buffer */
-		if (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags)) {
+		if ( (avp->avp_public.avp_len > GETAVPHDRSZ(avp->avp_public.avp_flags))
+		&& (buflen - offset < avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags))) {
 			TRACE_DEBUG(INFO, "truncated buffer: remaining only %d bytes for data, and avp data size is %d", 
 					buflen - offset, 
 					avp->avp_public.avp_len - GETAVPHDRSZ(avp->avp_public.avp_flags));
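Review bot: An AVP whose declared `avp_len` is smaller than its own header size now skips the remaining-data check entirely, because the added first condition makes the whole test false in that case. The code after this check is not visible here, but any later use of `avp_len - GETAVPHDRSZ(...)` as a data length or offset increment would then work from a negative or wrapped value taken from a peer-supplied field. Reject that case explicitly before this test, for example `if (avp->avp_public.avp_len < GETAVPHDRSZ(avp->avp_public.avp_flags)) { free(avp); return EBADMSG; }`, which mirrors the cleanup in the vendor branch. The body of this `if` and the rest of the loop lie outside the hunk.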