serial: Add failsafe to avoid sending more than sizeof(obuf)
Some bug is causing obuflen to be more than sizeof(obuf), maybe
somewhere in the ZModem code.
jcs made amendment 266 over 2 years ago
--- serial.c Wed Oct 5 11:02:12 2022
+++ serial.c Tue Oct 25 16:47:00 2022
@@ -527,6 +527,14 @@ serial_output(struct session *session)
if (session->obuflen == 0 || session->ending)
return 0;
+ if (session->obuflen > sizeof(session->obuf)) {
+ warn("bogus obuflen %d > %ld", session->obuflen,
+ sizeof(session->obuf));
+ session->ending = true;
+ session_close(session);
+ return 0;
+ }
+
memset(&serial_write_pbr, 0, sizeof(serial_write_pbr));
serial_write_pbr.ioParam.ioRefNum = serial_out_refnum;
serial_write_pbr.ioParam.ioBuffer = (Ptr)&session->obuf;
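Review bot: The new guard in serial_output only notices an oversized obuflen at send time, after whatever code grew obuflen has presumably already written past the end of obuf, so neighbouring fields of struct session may be corrupted before `session_close(session)` runs on it. The guard likely keeps the serial write below from being handed a bad length, but the code that appends to obuf still needs a bounds check at the point where it increases obuflen; those sites are outside this hunk, and the description suspects the ZModem code. In the message, `sizeof` yields a size_t, so `%ld` is a type mismatch if warn() follows printf conventions; `warn("bogus obuflen %d > %lu", session->obuflen, (unsigned long)sizeof(session->obuf));` would be safer, with `%d` checked against obuflen's declared type, which is not visible here. The body of serial_output starts before and continues after this hunk.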
@@ -548,9 +556,8 @@ serial_output(struct session *session)
the_serial_node.write_timeout_since = 0;
if (serial_write_pbr.ioParam.ioReqCount > session->obuflen)
- session->obuflen = 0;
- else
- session->obuflen -= serial_write_pbr.ioParam.ioReqCount;
+ warn("serial wrote more than obuflen?");
+ session->obuflen -= serial_write_pbr.ioParam.ioReqCount;
return serial_write_pbr.ioParam.ioReqCount;
}
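Review bot: With the `else` removed, the subtraction now runs even when `ioReqCount > session->obuflen`, so obuflen wraps to a huge value (or goes negative if it is signed) instead of being clamped to 0 as before. Until the next serial_output call reaches the new size guard, any code that uses obuflen as an offset or remaining-length for obuf would be working with a length far outside the buffer. Keep the warning but retain the clamp: brace the `if`, add `session->obuflen = 0;` after the `warn(...)`, and restore `else` before `session->obuflen -= serial_write_pbr.ioParam.ioReqCount;`. The start of serial_output is outside this hunk.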