File openslp.checkovr.diff of Package openslp
--- ./common/slp_xcast.c.orig 2006-06-20 14:52:11.000000000 +0000
+++ ./common/slp_xcast.c 2006-06-26 10:08:42.000000000 +0000
@@ -75,6 +75,7 @@
#include "slp_xcast.h"
#include "slp_message.h"
+#include "slp_v1message.h"
#include "slp_property.h"
/*========================================================================*/
@@ -354,14 +355,26 @@ int SLPXcastRecvMessage(const SLPXcastSo
#endif
)
{
- if(AsUINT24(peek + 2) <= SLP_MAX_DATAGRAM_SIZE)
+ int ovlbit;
+ size_t size;
+ if (peek[0] == 1)
{
- *buf = SLPBufferRealloc(*buf, AsUINT24(peek + 2));
+ size = AsUINT16(peek + 2);
+ ovlbit = peek[4] & SLPv1_FLAG_OVERFLOW;
+ }
+ else
+ {
+ size = AsUINT24(peek + 2);
+ ovlbit = peek[5] & (SLP_FLAG_OVERFLOW >> 8);
+ }
+ if(size <= SLP_MAX_DATAGRAM_SIZE && !ovlbit)
+ {
+ *buf = SLPBufferRealloc(*buf, size);
bytesread = recv(sockets->sock[i],
(*buf)->curpos,
(*buf)->end - (*buf)->curpos,
0);
- if(bytesread != AsUINT24(peek + 2))
+ if(bytesread != size)
{
/* This should never happen but we'll be paranoid*/
(*buf)->end = (*buf)->curpos + bytesread;
@@ -377,12 +390,14 @@ int SLPXcastRecvMessage(const SLPXcastSo
/* we got a bad message, or one that is too big! */
#ifndef UNICAST_NOT_SUPPORTED
/* Reading SLP_MAX_DATAGRAM_SIZE bytes on the socket */
- *buf = SLPBufferRealloc(*buf, SLP_MAX_DATAGRAM_SIZE);
+ if (size > SLP_MAX_DATAGRAM_SIZE)
+ size = SLP_MAX_DATAGRAM_SIZE;
+ *buf = SLPBufferRealloc(*buf, size);
bytesread = recv(sockets->sock[i],
(*buf)->curpos,
(*buf)->end - (*buf)->curpos,
0);
- if(bytesread != SLP_MAX_DATAGRAM_SIZE)
+ if(bytesread != size)
{
/* This should never happen but we'll be paranoid*/
(*buf)->end = (*buf)->curpos + bytesread;
