Bail out of packet eater if less than 4 bytes available.

Without this, packlen will be initialized with undefined data. This
causes "oversize packet" errors.
This commit is contained in:
Alistair Buxton 2013-02-06 22:12:42 +00:00
parent 972922607b
commit b52f2e0ca7
1 changed files with 4 additions and 0 deletions

View File

@ -514,6 +514,10 @@ static void sUpdateContext(uSynergyContext *context)
/* Eat packets */
for (;;)
{
/* If less than 4 bytes left in buffer, we can't even get the next packet length yet */
if(context->m_receiveOfs < 4)
return;
/* Grab packet length and bail out if the packet goes beyond the end of the buffer */
packlen = sNetToNative32(context->m_receiveBuffer);
if (packlen+4 > context->m_receiveOfs)