Commit Diff


commit - 1e22e8e41463896755b37d45bf76e14683e30f94
commit + f2466297885cfdd3424033139d5aa14065791b84
blob - 623b966a51b1828137f8349bc11dc00434114f03
blob + 3693164b12288b7bdc5e9bebbf40e6bcb00bd961
--- src/cmd/9pserve.c
+++ src/cmd/9pserve.c
@@ -10,7 +10,8 @@ enum
 {
 	STACK = 32768,
 	NHASH = 31,
-	MAXMSG = 64	/* per connection */
+	MAXMSG = 64,	/* per connection */
+	MAXMSGSIZE = 4*1024*1024
 };
 
 typedef struct Hash Hash;
@@ -231,6 +232,8 @@ mainproc(void *v)
 		if(n != nn)
 			sysfatal("error writing Tversion: %r\n");
 		n = read9pmsg(0, vbuf, sizeof vbuf);
+		if(n < 0)
+			sysfatal("read9pmsg failure"):
 		if(convM2S(vbuf, n, &f) != n)
 			sysfatal("convM2S failure");
 		if(f.msize < msize)
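Review bot: The added line `sysfatal("read9pmsg failure"):` ends in a colon instead of a semicolon, so the new side does not compile as written; it should read `sysfatal("read9pmsg failure");`. The guard also lets `n == 0` through. read9pmsg returns 0 at end of file, and the next test `convM2S(vbuf, n, &f) != n` cannot reject that case, because convM2S reports failure as 0 as well, so `f.msize` would be read from an Fcall that was never parsed. Using `if(n <= 0)` covers both the error and the EOF case. mainproc's body starts and ends outside the hunk.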
@@ -1220,6 +1223,8 @@ read9ppkt(Ioproc *io, int fd)
 	if(n != 4)
 		return nil;
 	n = GBIT32(buf);
+	if(n > MAXMSGSIZE)
+		return nil;
 	pkt = emalloc(n);
 	PBIT32(pkt, n);
 	nn = ioreadn(io, fd, pkt+4, n-4);
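Review bot: The new check bounds the peer-supplied length prefix only from above, so a value below 4 still reaches `emalloc(n)`. `PBIT32(pkt, n)` then stores four bytes into a smaller allocation, and `n-4` is negative when passed to ioreadn. If `n` is a signed int (its declaration is outside the hunk), a prefix with the top bit set is also negative and passes `n > MAXMSGSIZE`. Rejecting both ends closes this: `if(n < 4 || n > MAXMSGSIZE) return nil;`. A short comment on `MAXMSGSIZE` in the enum, saying it caps the untrusted 9P size field before allocation, would also help.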