Commit 410f8915 authored by Martin Hurton's avatar Martin Hurton

Prefix error-reason with length in ERROR command

parent 6dbc7051
...@@ -78,12 +78,13 @@ int zmq::null_mechanism_t::next_handshake_command (msg_t *msg_) ...@@ -78,12 +78,13 @@ int zmq::null_mechanism_t::next_handshake_command (msg_t *msg_)
if (zap_reply_received if (zap_reply_received
&& strncmp (status_code, "200", sizeof status_code) != 0) { && strncmp (status_code, "200", sizeof status_code) != 0) {
const int rc = msg_->init_size (6 + sizeof status_code); const int rc = msg_->init_size (6 + 1 + sizeof status_code);
zmq_assert (rc == 0); zmq_assert (rc == 0);
unsigned char *msg_data = unsigned char *msg_data =
static_cast <unsigned char *> (msg_->data ()); static_cast <unsigned char *> (msg_->data ());
memcpy (msg_data, "\5ERROR", 6); memcpy (msg_data, "\5ERROR", 6);
memcpy (msg_data + 6, status_code, sizeof status_code); msg_data [6] = sizeof status_code;
memcpy (msg_data + 7, status_code, sizeof status_code);
error_command_sent = true; error_command_sent = true;
return 0; return 0;
} }
...@@ -163,8 +164,12 @@ int zmq::null_mechanism_t::process_ready_command ( ...@@ -163,8 +164,12 @@ int zmq::null_mechanism_t::process_ready_command (
int zmq::null_mechanism_t::process_error_command ( int zmq::null_mechanism_t::process_error_command (
const unsigned char *cmd_data, size_t data_size) const unsigned char *cmd_data, size_t data_size)
{ {
const size_t error_reason_len = data_size - 6; if (data_size < 7) {
if (error_reason_len < 1 || error_reason_len > 255) { errno = EPROTO;
return -1;
}
const size_t error_reason_len = static_cast <size_t> (cmd_data [6]);
if (error_reason_len > data_size - 7) {
errno = EPROTO; errno = EPROTO;
return -1; return -1;
} }
......
...@@ -199,8 +199,12 @@ int zmq::plain_client_t::process_error ( ...@@ -199,8 +199,12 @@ int zmq::plain_client_t::process_error (
errno = EPROTO; errno = EPROTO;
return -1; return -1;
} }
const size_t error_reason_len = data_size - 6; if (data_size < 7) {
if (error_reason_len < 1 || error_reason_len > 255) { errno = EPROTO;
return -1;
}
const size_t error_reason_len = static_cast <size_t> (cmd_data [6]);
if (error_reason_len > data_size - 7) {
errno = EPROTO; errno = EPROTO;
return -1; return -1;
} }
......
...@@ -261,11 +261,12 @@ int zmq::plain_server_t::produce_ready (msg_t *msg_) const ...@@ -261,11 +261,12 @@ int zmq::plain_server_t::produce_ready (msg_t *msg_) const
int zmq::plain_server_t::produce_error (msg_t *msg_) const int zmq::plain_server_t::produce_error (msg_t *msg_) const
{ {
zmq_assert (status_code.length () == 3); zmq_assert (status_code.length () == 3);
const int rc = msg_->init_size (6 + status_code.length ()); const int rc = msg_->init_size (6 + 1 + status_code.length ());
zmq_assert (rc == 0); zmq_assert (rc == 0);
char *msg_data = static_cast <char *> (msg_->data ()); char *msg_data = static_cast <char *> (msg_->data ());
memcpy (msg_data, "\5ERROR", 6); memcpy (msg_data, "\5ERROR", 6);
memcpy (msg_data + 6, status_code.c_str (), status_code.length ()); msg_data [6] = status_code.length ();
memcpy (msg_data + 7, status_code.c_str (), status_code.length ());
return 0; return 0;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment