Posted to commits@thrift.apache.org by ro...@apache.org on 2012/10/18 00:05:45 UTC

svn commit: r1399452 - in /thrift/trunk/lib/c_glib/src/thrift/transport: thrift_buffered_transport.c thrift_socket.c

Author: roger
Date: Wed Oct 17 22:05:44 2012
New Revision: 1399452

URL: http://svn.apache.org/viewvc?rev=1399452&view=rev
Log:
THRIFT-1414 bufferoverflow in c_glib buffered transport/socket client 
Patch: Christian Zimnick


Modified:
    thrift/trunk/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
    thrift/trunk/lib/c_glib/src/thrift/transport/thrift_socket.c

Modified: thrift/trunk/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
URL: http://svn.apache.org/viewvc/thrift/trunk/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c?rev=1399452&r1=1399451&r2=1399452&view=diff
==============================================================================
--- thrift/trunk/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c (original)
+++ thrift/trunk/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c Wed Oct 17 22:05:44 2012
@@ -71,7 +71,7 @@ thrift_buffered_transport_read_slow (Thr
   ThriftBufferedTransport *t = THRIFT_BUFFERED_TRANSPORT (transport);
   guint32 want = len;
   guint32 got = 0;
-  guchar tmpdata[t->r_buf_size];
+  guchar tmpdata[len];
   guint32 have = t->r_buf->len;
 
   // we shouldn't hit this unless the buffer doesn't have enough to read
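Review bot: `guchar tmpdata[len];` sizes a stack array directly from the requested read length, so a large request can exhaust the stack with no error path, and a zero `len` would be an invalid VLA size. `want` and `got` are `guint32`, which suggests `len` can be large, though the parameter's declaration is outside this hunk. A heap buffer keeps the overflow fix without the unbounded stack use: `guchar *tmpdata = g_malloc (len);`, released with `g_free (tmpdata);` on every return path. The function body continues past this hunk, so those return paths need to be checked there.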
@@ -101,7 +101,7 @@ thrift_buffered_transport_read_slow (Thr
   } else {
     got += THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport,
                                                             tmpdata,
-                                                            t->r_buf_size,
+                                                            want,
                                                             error);
     t->r_buf = g_byte_array_append (t->r_buf, tmpdata, got);
     
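Review bot: The result of the underlying `read` is added straight into `got`, which is declared `guint32` at the top of the function, so a negative error return would wrap to a very large count. `g_byte_array_append (t->r_buf, tmpdata, got)` would then copy far past the end of `tmpdata`. Whether `read` can return a negative value is not shown in this file, though the `ret < 0` branch in `thrift_socket_read` suggests it can. Capture the result in a signed local and check it before use: `gint32 ret = THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport, tmpdata, want, error);`, then `if (ret < 0) return ret;` (assuming the function returns a signed count) and `got += ret;`. The enclosing function starts and ends outside this hunk, and any other `read` call in it that follows the same pattern needs the same check.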

Modified: thrift/trunk/lib/c_glib/src/thrift/transport/thrift_socket.c
URL: http://svn.apache.org/viewvc/thrift/trunk/lib/c_glib/src/thrift/transport/thrift_socket.c?rev=1399452&r1=1399451&r2=1399452&view=diff
==============================================================================
--- thrift/trunk/lib/c_glib/src/thrift/transport/thrift_socket.c (original)
+++ thrift/trunk/lib/c_glib/src/thrift/transport/thrift_socket.c Wed Oct 17 22:05:44 2012
@@ -129,7 +129,7 @@ thrift_socket_read (ThriftTransport *tra
 
   while (got < len)
   {
-    ret = recv (socket->sd, buf, len, 0);
+    ret = recv (socket->sd, buf+got, len-got, 0);
     if (ret < 0)
     {
       g_set_error (error, THRIFT_TRANSPORT_ERROR,
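Review bot: The only check visible after `recv (socket->sd, buf+got, len-got, 0)` is `ret < 0`, so a return of 0 (the peer closed the connection) may go unhandled. In that case `got` never advances and `while (got < len)` would spin forever, letting a remote peer hang the reader by disconnecting mid-message. The rest of the loop is outside this hunk, so this needs confirming there. If it is missing, add a separate branch that sets an error and returns -1 when `ret == 0`, since `errno` is not meaningful in that case. Separately, if `buf` is a `gpointer`, `buf+got` relies on the GNU extension for `void *` arithmetic; `(guchar *) buf + got` is portable.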