[Spread-cvs] cvs commit: spread/javalib SpreadConnection.java
jonathan at spread.org
jonathan at spread.org
Thu Mar 4 19:23:28 EST 2004
jonathan 04/03/04 19:23:28
Modified: javalib SpreadConnection.java
Log:
Client validation of message size and number of groups values sent by daemon.
Old fix from July 1, 2003 that was never committed.
Revision Changes Path
1.6 +9 -1 spread/javalib/SpreadConnection.java
Index: SpreadConnection.java
===================================================================
RCS file: /storage/cvsroot/spread/javalib/SpreadConnection.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- SpreadConnection.java 17 Jun 2003 19:02:00 -0000 1.5
+++ SpreadConnection.java 5 Mar 2004 00:23:27 -0000 1.6
@@ -1111,7 +1111,15 @@
//////////////////////////////
daemonEndianMismatch = false;
}
-
+
+ // Validate numGroups and dataLen
+
+ if ( (numGroups < 0) || (dataLen < 0) )
+ {
+ // drop message
+ throw new SpreadException("Illegal Message: Message Dropped");
+ }
+
// An endian mismatch.
//////////////////////
boolean endianMismatch;
More information about the Spread-cvs
mailing list