commit - 9ebb95a72ab30c47e0c1e37626b79f75e2d9c4e2
commit + 3fe030c5e0903a3bce3ed499d8ed3898bc7cbc38
blob - aaf97758e6406fad4916feafe973c1a3cb7c8b90
blob + a81736d696625086f75ceab40a35c8f7baaf8ee2
--- client.c
+++ client.c
}
/* fid[4] afid[4] uname[s] aname[s] */
- if (len < 4 + 4 + 2 + 2)
+ if (len < 12) { /* minimal case, uname and aname both "" */
+ log_warnx("%s: expecting at least %d bytes; got %zu",
+ __func__, 12, len);
goto err;
+ }
memcpy(&fid, data, sizeof(fid));
data += sizeof(fid);
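Review bot: The three new `log_warnx` calls (here and in the two later hunks of client.c) sit on paths reached purely by a malformed message body from the peer, and none of them records which request triggered it. Including the request tag, which the function already reads as `hdr->tag`, would let an operator correlate a warning with a specific client exchange. Whether the `err` label tears the connection down is not visible in this hunk; if it does not, a debug-level or rate-limited log would keep a misbehaving client from filling the log. The literal `12` is also repeated in the check and in the argument list, where the removed `4 + 4 + 2 + 2` mirrored the layout comment; a named constant next to that comment would keep the two in step. The enclosing function starts and ends outside the hunk.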
len -= sizeof(size);
size = le16toh(size);
- if (len < size + 2)
+ if (len < size + 2) {
+ log_warnx("%s: expecting at least %d bytes for "
+ "uname and aname; got %zu", __func__, size + 2, len);
goto err;
+ }
data += size;
len -= size;
len -= sizeof(size);
size = le16toh(size);
- if (len != size)
+ if (len != size) {
+ log_warnx("%s: expecting %d bytes for aname, got %zu",
+ __func__, size, len);
goto err;
+ }
+
if (len > sizeof(aname)-1) {
np_error(hdr->tag, "name too long");
return;
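Review bot: The aname warning separates its two halves with `, got` while the two earlier messages in this commit use `; got`. Matching them, as in `"%s: expecting %d bytes for aname; got %zu"`, keeps the warnings uniform for anyone grepping the log or writing matching rules. The `%d` conversions for `size` and `size + 2` are correct only while `size` is narrower than `int`, which the `le16toh` call suggests, but the declaration is outside the hunk and worth confirming. The function continues past the last context line.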