diff options
Diffstat (limited to 'sunrpc/xdr_rec.c')
| -rw-r--r-- | sunrpc/xdr_rec.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/sunrpc/xdr_rec.c b/sunrpc/xdr_rec.c index a4e28b0548..b2ab2faabc 100644 --- a/sunrpc/xdr_rec.c +++ b/sunrpc/xdr_rec.c @@ -565,16 +565,20 @@ set_input_fragment (RECSTREAM *rstrm) { u_long header; - if (!get_input_bytes (rstrm, (caddr_t) & header, BYTES_PER_XDR_UNIT)) + if (! get_input_bytes (rstrm, (caddr_t)&header, BYTES_PER_XDR_UNIT)) return FALSE; header = ntohl (header); rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE; /* * Sanity check. Try not to accept wildly incorrect - * record sizes. + * record sizes. Unfortunately, the only record size + * we can positively identify as being 'wildly incorrect' + * is zero. Ridiculously large record sizes may look wrong, + * but we don't have any way to be certain that they aren't + * what the client actually intended to send us. */ - if ((header & (~LAST_FRAG)) > rstrm->recvsize) - return(FALSE); + if ((header & (~LAST_FRAG)) == 0) + return FALSE; rstrm->fbtbc = header & ~LAST_FRAG; return TRUE; } |