From b928a79eebfc9d87d84886185aba4a75705e221a Mon Sep 17 00:00:00 2001 From: w00t Date: Wed, 2 Jul 2008 03:21:53 +0000 Subject: Fix an off-by-one which could possibly perhaps cause djGrrr/satmd's bug by dropping a read buffer into the bit bucket if it was of an exact enough size to cause problems. No guarentees. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9944 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/inspsocket.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/inspsocket.cpp b/src/inspsocket.cpp index 2fb811508..e70b7647b 100644 --- a/src/inspsocket.cpp +++ b/src/inspsocket.cpp @@ -399,7 +399,7 @@ const char* BufferedSocket::Read() int MOD_RESULT = 0; try { - MOD_RESULT = Instance->Config->GetIOHook(this)->OnRawSocketRead(this->fd,this->ibuf,sizeof(this->ibuf),result2); + MOD_RESULT = Instance->Config->GetIOHook(this)->OnRawSocketRead(this->fd,this->ibuf,sizeof(this->ibuf) - 1,result2); } catch (CoreException& modexcept) { @@ -417,10 +417,16 @@ const char* BufferedSocket::Read() } else { - n = recv(this->fd,this->ibuf,sizeof(this->ibuf),0); + n = recv(this->fd,this->ibuf,sizeof(this->ibuf) - 1,0); } - if ((n > 0) && (n <= (int)sizeof(this->ibuf))) + /* + * This used to do some silly bounds checking instead of just passing bufsize - 1 to recv. + * Not only does that make absolutely no sense, but it could potentially result in a read buffer's worth + * of data being thrown into the bit bucket for no good reason, which is just *stupid*.. do things correctly now. + * --w00t (july 2, 2008) + */ + if (n > 0) { ibuf[n] = 0; return ibuf; -- cgit v1.2.3