From 8f3685d67bcec78c7028eedc9ee0fcaefb3aa13f Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Sat, 22 Nov 2008 17:38:16 +0100 Subject: [PATCH] Fix an off-by-one bug in recv_pattern(). The current code in recv_pattern() allocates a buffer of size bufsize + 1 and calls recv_buffer() with bufsize as the size parameter. However, recv_buffer() reserves the last byte of the buffer for storing the terminating NULL byte, so that at most bufsize - 1 characters are read. Fix it by passing bufsize + 1 (the real size of the buffer) to recv_buffer(). --- net.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/net.c b/net.c index 60f8e9a1..9309ac1f 100644 --- a/net.c +++ b/net.c @@ -728,10 +728,9 @@ int recv_cred_buffer(int fd, char *buf, size_t size) * * \return Positive if \a pattern was received, negative otherwise. * - * This function creates a buffer of size \a bufsize and tries - * to receive at most \a bufsize bytes from file descriptor \a fd. - * If at least \p strlen(\a pattern) bytes were received, the beginning of - * the received buffer is compared with \a pattern, ignoring case. + * This function tries to receive at most \a bufsize bytes from file descriptor + * \a fd. If at least \p strlen(\a pattern) bytes were received, the beginning + * of the received buffer is compared with \a pattern, ignoring case. * * \sa recv_buffer(), \sa strncasecmp(3). */ @@ -739,7 +738,7 @@ int recv_pattern(int fd, const char *pattern, size_t bufsize) { size_t len = strlen(pattern); char *buf = para_malloc(bufsize + 1); - int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize); + int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize + 1); if (n < len) goto out; -- 2.30.2