authorVincent Untz <vuntz@opensuse.org>2011-02-18 23:37:00 +0100
committerLennart Poettering <lennart@poettering.net>2011-02-18 23:37:00 +0100
commit46109dfec75534fe270c0ab902576f685d5ab3a6 (patch)
treec5fde09681801a107591dc94245f049bbdb95cc6
parentdac7e8a519f90d85f6bcdde6164f0f352c485c82 (diff)
socket: Still read corrupt packets from the sockets
Else, we end up with an infinite loop with 100% CPU. http://www.avahi.org/ticket/325 https://bugzilla.redhat.com/show_bug.cgi?id=667187
-rw-r--r--avahi-core/socket.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/avahi-core/socket.c b/avahi-core/socket.c
index be62105..e69ec7d 100644
--- a/avahi-core/socket.c
+++ b/avahi-core/socket.c
@@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
goto fail;
}
- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
- if (!ms)
- goto fail;
-
p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
io.iov_base = AVAHI_DNS_PACKET_DATA(p);
@@ -683,10 +679,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4(
goto fail;
}
- if (sa.sin_addr.s_addr == INADDR_ANY) {
+ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
+ * fail after having read them. */
+ if (!ms)
+ goto fail;
+
+ if (sa.sin_addr.s_addr == INADDR_ANY)
/* Linux 2.4 behaves very strangely sometimes! */
goto fail;
- }
assert(!(msg.msg_flags & MSG_CTRUNC));
assert(!(msg.msg_flags & MSG_TRUNC));
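Review bot: The new comment above `if (!ms)` does not say why the zero-size datagram has to be read before bailing out, which is the only reason the check moved below the receive call. Going by the commit message, a datagram left queued keeps the socket readable and spins the event loop at 100% CPU, so one malformed packet from the network can stall the daemon. I would spell that out so the check is not moved back later, e.g. `/* FIONREAD reports 0 for corrupt packets (rhbz #607297); read them off the socket first, or the fd stays readable and we busy-loop. */`; the identical comment in the avahi_recv_dns_packet_ipv6 hunk needs the same wording. Because the check now runs after avahi_dns_packet_new(), please also confirm that the `fail` label, which lies outside this hunk, frees `p`.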
@@ -810,10 +810,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
goto fail;
}
- /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */
- if (!ms)
- goto fail;
-
p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE);
io.iov_base = AVAHI_DNS_PACKET_DATA(p);
@@ -841,6 +837,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6(
goto fail;
}
+ /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So
+ * fail after having read them. */
+ if (!ms)
+ goto fail;
+
assert(!(msg.msg_flags & MSG_CTRUNC));
assert(!(msg.msg_flags & MSG_TRUNC));
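Review bot: The two `assert(!(msg.msg_flags & ...))` lines directly after the new `if (!ms)` check turn a property of a received datagram into a process abort, and the commit leaves them in place here and in the avahi_recv_dns_packet_ipv4 hunk. The buffer is sized from `ms` in the earlier hunk, so the new check presumably keeps the zero-size case away from them. Any other mismatch between the reported and the delivered size would still abort the daemon in builds with assertions enabled, and pass unnoticed under NDEBUG. Treating it like the neighbouring error paths would be safer: `if (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC)) goto fail;`. The function body continues outside the hunk.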