author | Kristian Høgsberg <krh@bitplanet.net> | 2012-10-15 17:19:38 -0400 |
---|---|---|
committer | Kristian Høgsberg <krh@bitplanet.net> | 2012-10-15 17:21:06 -0400 |
commit | 04720307e91c45a772858fd3fcb0203a0b68ac17 (patch) | |
tree | 595d7ae1c90d6e1b9906a2e23563c9b9b4f10661 | |
parent | ad03a59f5cab9e853dc024c801b49aa3ef6d33ff (diff) |
connection: return error on buffer-overflow during read

wl_connection_read() assumes that the caller dispatched all messages
before calling it. wl_buffer_put_iov() does only provide enough room so we
fill the buffer. So the only case when the buffer overflows, is when a
previous read filled up the buffer but we couldn't parse a single message
from it. In this case, the client sent a message bigger than our buffer
and we should return an error and close the connection.

krh: Edited from David's original patch to just check that the buffer
isn't full before we try reading into it.

Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
-rw-r--r-- | src/connection.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/connection.c b/src/connection.c index b00491e..fdc9309 100644 --- a/src/connection.c +++ b/src/connection.c @@ -314,6 +314,11 @@ wl_connection_read(struct wl_connection *connection) char cmsg[CLEN]; int len, count, ret; + if (wl_buffer_size(&connection->in) >= sizeof(connection->in.data)) { + errno = EOVERFLOW; + return -1; + } + wl_buffer_put_iov(&connection->in, iov, &count); msg.msg_name = NULL; |
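
Review bot: The new check at the top of wl_connection_read() has no comment recording the assumption it depends on, namely that the caller has already dispatched every complete message, so a full `connection->in` can only mean one message larger than `connection->in.data`. Without that note the `errno = EOVERFLOW; return -1;` path reads as a generic capacity limit, and a later caller that reads twice without dispatching would hit it on a well-behaved peer. Please add a short comment above the `if` stating the precondition. Also, the hunk only returns -1; the commit message says the connection should be closed in this case, so it is worth confirming that the callers, which are not part of this diff, treat EOVERFLOW as fatal rather than retrying the read.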