Prefix error-reason with length in ERROR command

2024-12-29 00:32:34 +08:00 · 2014-05-14 14:12:04 +02:00 · 2014-05-14 14:12:04 +02:00 · 410f891599
commit 410f891599
parent 6dbc70516c
3 changed files with 18 additions and 8 deletions
--- a/src/null_mechanism.cpp
+++ b/src/null_mechanism.cpp
@ -78,12 +78,13 @@ int zmq::null_mechanism_t::next_handshake_command (msg_t *msg_)

    if (zap_reply_received
    &&  strncmp (status_code, "200", sizeof status_code) != 0) {
-        const int rc = msg_->init_size (6 + sizeof status_code);
+        const int rc = msg_->init_size (6 + 1 + sizeof status_code);
        zmq_assert (rc == 0);
        unsigned char *msg_data =
            static_cast <unsigned char *> (msg_->data ());
        memcpy (msg_data, "\5ERROR", 6);
-        memcpy (msg_data + 6, status_code, sizeof status_code);
+        msg_data [6] = sizeof status_code;
+        memcpy (msg_data + 7, status_code, sizeof status_code);
        error_command_sent = true;
        return 0;
    }
@ -163,8 +164,12 @@ int zmq::null_mechanism_t::process_ready_command (
 int zmq::null_mechanism_t::process_error_command (
        const unsigned char *cmd_data, size_t data_size)
 {
-    const size_t error_reason_len = data_size - 6;
-    if (error_reason_len < 1 || error_reason_len > 255) {
+    if (data_size < 7) {
+        errno = EPROTO;
+        return -1;
+    }
+    const size_t error_reason_len = static_cast <size_t> (cmd_data [6]);
+    if (error_reason_len > data_size - 7) {
        errno = EPROTO;
        return -1;
    }
--- a/src/plain_client.cpp
+++ b/src/plain_client.cpp
@ -199,8 +199,12 @@ int zmq::plain_client_t::process_error (
        errno = EPROTO;
        return -1;
    }
-    const size_t error_reason_len = data_size - 6;
-    if (error_reason_len < 1 || error_reason_len > 255) {
+    if (data_size < 7) {
+        errno = EPROTO;
+        return -1;
+    }
+    const size_t error_reason_len = static_cast <size_t> (cmd_data [6]);
+    if (error_reason_len > data_size - 7) {
        errno = EPROTO;
        return -1;
    }
--- a/src/plain_server.cpp
+++ b/src/plain_server.cpp
@ -261,11 +261,12 @@ int zmq::plain_server_t::produce_ready (msg_t *msg_) const
 int zmq::plain_server_t::produce_error (msg_t *msg_) const
 {
    zmq_assert (status_code.length () == 3);
-    const int rc = msg_->init_size (6 + status_code.length ());
+    const int rc = msg_->init_size (6 + 1 + status_code.length ());
    zmq_assert (rc == 0);
    char *msg_data = static_cast <char *> (msg_->data ());
    memcpy (msg_data, "\5ERROR", 6);
-    memcpy (msg_data + 6, status_code.c_str (), status_code.length ());
+    msg_data [6] = status_code.length ();
+    memcpy (msg_data + 7, status_code.c_str (), status_code.length ());
    return 0;
 }