| side by side (parent:
fe0848e
)
READ: sanitize values & output errors on invalid parameters.
author
Wilfried Goesgens
<dothebart@citadel.org>
Sat, 9 Jun 2012 13:02:17 +0000
(15:02 +0200)
committer
Wilfried Goesgens
<dothebart@citadel.org>
Sat, 9 Jun 2012 13:02:17 +0000
(15:02 +0200)
citadel/file_ops.c
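--- a/citadel/file_ops.c
+++ b/citadel/file_ops.c
@@ -588,10 +588,15 @@ void cmd_read(char *cmdbuf)
 long start_pos;
 size_t bytes;
 char buf[SIZ];
+ int rc;
 /* The client will transmit its requested offset and byte count */
 start_pos = extract_long(cmdbuf, 0);
 bytes = extract_int(cmdbuf, 1);
+ if ((start_pos < 0) || (bytes <= 0)) {
+ cprintf("%d you have to specify a value > 0.\n", ERROR + ILLEGAL_VALUE);
+ return;
+ }
 if (CC->download_fp == NULL) {
 cprintf("%d You don't have a download file open.\n",
@@ -604,7 +609,11 @@ void cmd_read(char *cmdbuf)
 bytes = sizeof(buf);
 }
- fseek(CC->download_fp, start_pos, 0);
+ rc = fseek(CC->download_fp, start_pos, 0);
+ if (rc != start_pos) {
+ cprintf("%d your file is smaller then %ld.\n", ERROR + ILLEGAL_VALUE, start_pos);
+ return;
+ }
 bytes = fread(buf, 1, bytes, CC->download_fp);
 if (bytes > 0) {
 /* Tell the client the actual byte count and transmit it */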
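Review bot: The new check `if (rc != start_pos)` in the second hunk compares fseek()'s return value with the requested offset, but fseek() returns 0 on success and -1 on failure, so every READ with a non-zero start_pos is now rejected as ILLEGAL_VALUE. The test should be `if (rc != 0) {`. fseek() on a regular file generally succeeds even when the offset lies beyond end-of-file, so a too-large offset is not caught here and would only show up as a zero-length fread(), whose handling is outside the hunk. In the first hunk `bytes` is a `size_t`, so `bytes <= 0` only catches zero and a negative count from extract_int() wraps to a large value instead of being rejected; reading the count into a signed temporary and validating it before the assignment would make the check match its error message. cmd_read's body starts and ends outside both hunks.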