Work around Marinetti bug 57.

This could cause Marinetti to return more data than it should, starting with valid data but then including corrupt data.

The workaround I'm using is to have Marinetti return a new handle and then copy the data out of it, using the size of the handle as the true size of the data that was read. Because of details of how Marinetti works, that size is correct.
This commit is contained in:
Stephen Heumann 2019-04-15 19:50:36 -05:00
parent 5d59a9d032
commit 37b26592d0
2 changed files with 20 additions and 3 deletions

View File

@ -312,6 +312,11 @@ void DoSearch(void) {
/* keep reading */ ;
sess.contentLength -= sess.readCount;
*(netBuf + sess.contentLength) = 0;
if (sess.contentLength == 0) {
result = NO_RESPONSE;
goto errorReturn;
}
if (json)
json_value_free(json);

View File

@ -2,7 +2,9 @@
#include "readtcp.h"
#include "session.h"
#include <string.h>
#include <tcpip.h>
#include <memory.h>
#include <misctool.h>
#include <orca.h>
@ -24,15 +26,25 @@ ReadStatus TryReadTCP(Session *sess) {
rrBuff rrBuff;
TCPIPPoll();
sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypePointer, (Ref)sess->readPtr,
sess->tcperr = TCPIPReadTCP(sess->ipid, buffTypeNewHandle, NULL,
sess->readCount, &rrBuff);
sess->toolerr = toolerror();
if (sess->tcperr || sess->toolerr) {
return rsError;
}
if (rrBuff.rrBuffCount != 0) {
/* Work around Marinetti bug #57 */
rrBuff.rrBuffCount = GetHandleSize(rrBuff.rrBuffHandle);
HLock(rrBuff.rrBuffHandle);
memcpy(sess->readPtr, *rrBuff.rrBuffHandle, rrBuff.rrBuffCount);
DisposeHandle(rrBuff.rrBuffHandle);
sess->readCount -= rrBuff.rrBuffCount;
sess->readPtr += rrBuff.rrBuffCount;
}
if (sess->readCount == 0) {
return rsDone;