From 46109dfec75534fe270c0ab902576f685d5ab3a6 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Fri, 18 Feb 2011 23:37:00 +0100 Subject: socket: Still read corrupt packets from the sockets Else, we end up with an infinite loop with 100% CPU. http://www.avahi.org/ticket/325 https://bugzilla.redhat.com/show_bug.cgi?id=667187 --- avahi-core/socket.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/avahi-core/socket.c b/avahi-core/socket.c index be62105..e69ec7d 100644 --- a/avahi-core/socket.c +++ b/avahi-core/socket.c @@ -653,10 +653,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4( goto fail; } - /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */ - if (!ms) - goto fail; - p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE); io.iov_base = AVAHI_DNS_PACKET_DATA(p); @@ -683,10 +679,14 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv4( goto fail; } - if (sa.sin_addr.s_addr == INADDR_ANY) { + /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So + * fail after having read them. */ + if (!ms) + goto fail; + + if (sa.sin_addr.s_addr == INADDR_ANY) /* Linux 2.4 behaves very strangely sometimes! */ goto fail; - } assert(!(msg.msg_flags & MSG_CTRUNC)); assert(!(msg.msg_flags & MSG_TRUNC)); @@ -810,10 +810,6 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6( goto fail; } - /* For corrupt packets FIONREAD returns zero size (See rhbz #607297) */ - if (!ms) - goto fail; - p = avahi_dns_packet_new(ms + AVAHI_DNS_PACKET_EXTRA_SIZE); io.iov_base = AVAHI_DNS_PACKET_DATA(p); @@ -841,6 +837,11 @@ AvahiDnsPacket *avahi_recv_dns_packet_ipv6( goto fail; } + /* For corrupt packets FIONREAD returns zero size (See rhbz #607297). So + * fail after having read them. */ + if (!ms) + goto fail; + assert(!(msg.msg_flags & MSG_CTRUNC)); assert(!(msg.msg_flags & MSG_TRUNC)); -- cgit