From 37b26592d0fdc4e7f858648e9a997be983b81511 Mon Sep 17 00:00:00 2001 From: Stephen Heumann Date: Mon, 15 Apr 2019 19:50:36 -0500 Subject: [PATCH] Work around Marinetti bug 57. This could cause Marinetti to return more data than it should, starting with valid data but then including corrupt data. The workaround I'm using is to have Marinetti return a new handle and then copy the data out of it, using the size of the handle as the true size of the data that was read. Because of details of how Marinetti works, that size is correct. --- diskbrowser.c | 5 +++++ readtcp.c | 18 +++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/diskbrowser.c b/diskbrowser.c index 72cb8e3..4e4a896 100644 --- a/diskbrowser.c +++ b/diskbrowser.c @@ -312,6 +312,11 @@ void DoSearch(void) { /* keep reading */ ; sess.contentLength -= sess.readCount; *(netBuf + sess.contentLength) = 0; + if (sess.contentLength == 0) { + result = NO_RESPONSE; + goto errorReturn; + } + if (json) json_value_free(json); diff --git a/readtcp.c b/readtcp.c index 78918ff..ae3b2ba 100644 --- a/readtcp.c +++ b/readtcp.c @@ -2,7 +2,9 @@ #include "readtcp.h" #include "session.h" +#include #include +#include #include #include @@ -24,15 +26,25 @@ ReadStatus TryReadTCP(Session *sess) { rrBuff rrBuff; TCPIPPoll(); - sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypePointer, (Ref)sess->readPtr, + sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypeNewHandle, NULL, sess->readCount, &rrBuff); sess->toolerr = toolerror(); if (sess->tcperr || sess->toolerr) { return rsError; } - sess->readCount -= rrBuff.rrBuffCount; - sess->readPtr += rrBuff.rrBuffCount; + if (rrBuff.rrBuffCount != 0) { + /* Work around Marinetti bug #57 */ + rrBuff.rrBuffCount = GetHandleSize(rrBuff.rrBuffHandle); + + HLock(rrBuff.rrBuffHandle); + memcpy(sess->readPtr, *rrBuff.rrBuffHandle, rrBuff.rrBuffCount); + DisposeHandle(rrBuff.rrBuffHandle); + + sess->readCount -= rrBuff.rrBuffCount; + sess->readPtr += rrBuff.rrBuffCount; + } + if (sess->readCount == 0) { return rsDone;