[6294] in Athena Bugs

get_message

daemon@ATHENA.MIT.EDU (John Carr)
Mon Oct 29 01:51:52 1990

To: bugs@ATHENA.MIT.EDU
Date: Mon, 29 Oct 90 01:51:41 EST
From: John Carr <jfc@ATHENA.MIT.EDU>


The data read from the server is not null terminated, and get_message does
not add a null.  Also, the type passed to free in case of error is wrong.

Apparently the BSD C library has always given a 0 filled block for the
malloc here.  AIX does not.

*** /source/athena/bin.athena/gms/get_message_from_server.c	Thu Jul 12 15:16:11 1990
--- get_message_from_server.c	Mon Oct 29 01:48:08 1990
***************
*** 113,127 ****
    }
  
    message_data = malloc(GMS_MAX_MESSAGE_LEN);
!   stat = recv(sck, message_data, GMS_MAX_MESSAGE_LEN, 0);
  
    close(sck); /* regardless of any errors... */
  
    if(stat == -1) {
!     free(*message_data);
      return(errno);
    }
  
    *ret_message_size = stat;
    *ret_message = message_data;
    return(0);
--- 113,130 ----
    }
  
    message_data = malloc(GMS_MAX_MESSAGE_LEN);
!   stat = recv(sck, message_data, GMS_MAX_MESSAGE_LEN-1, 0);
  
    close(sck); /* regardless of any errors... */
  
    if(stat == -1) {
!     free(message_data);
      return(errno);
+   } else if(stat == 0) {
+     return GMS_SERVER_GARBLED;
    }
  
+   message_data[stat] = '\0';
    *ret_message_size = stat;
    *ret_message = message_data;
    return(0);
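
Review bot: the new `else if(stat == 0)` branch returns GMS_SERVER_GARBLED without freeing message_data, so the GMS_MAX_MESSAGE_LEN buffer leaks whenever recv returns 0; it should call free(message_data) before returning, as the stat == -1 branch now does. Two further points on the same lines: the pointer returned by malloc is passed to recv and later indexed with message_data[stat] without a NULL check, and errno is read in return(errno) after close(sck) has run, so a failing close can overwrite the value recv set. Saving errno into a local before the close would keep the returned error accurate.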
