ref: e283e9f2622b7df01c315adf41325cbf1e087727
parent: 8e6a699a50caaa038d45ff8db473bb7059cb2947
author: B. Wilson <x@wilsonb.com>
date: Tue Jun 24 05:56:39 EDT 2025
Fix readmsg length deserialization
--- a/ridefs.c
+++ b/ridefs.c
@@ -203,7 +203,8 @@
long
readmsg(int fd, void **pld){
- int len, e;
+ ulong len;
+ int e;
char buf[9];
if(0 > (e = readn(fd, buf, 8)))
@@ -213,9 +214,14 @@
if(0 != (e = strcmp(&buf[4], "RIDE")))
return e;
- len = -8 + (buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3]);
- *pld = ecalloc(len+1); /* ensure trailing null byte */
- if(0 > (e = readn(fd, *pld, len))){
+ len = buf[0]<<24 & 0xff000000;
+ len |= buf[1]<<16 & 0x00ff0000;
+ len |= buf[2]<<8 & 0x0000ff00;
+ len |= buf[3] & 0x000000ff;
+ len -= 8; /* len + magic */
+ len += 1; /* trailing string null */
+ *pld = ecalloc(len);
+ if(0 > (e = readn(fd, *pld, len-1))){
free(*pld);
return e;
}
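Review bot: The new decode has no lower bound on the wire length, so a header value of 7 makes `len -= 8` wrap and `len += 1` bring it back to 0: `ecalloc(0)` is then followed by `readn(fd, *pld, len-1)` with a count wrapped to ULONG_MAX (or -1 if readn takes a signed count), a peer-driven heap overflow, while any value below 7 hands a wrapped size to ecalloc. Add a range check after the four byte assembles and before the subtraction, `if(len < 8) return -1; /* shorter than length + magic */`, and also reject anything above whatever maximum the protocol allows so an attacker-chosen 32-bit length cannot force a multi-gigabyte allocation. Separately, `buf[0]<<24` promotes a plain char to int, so a high byte is either a left shift of a negative value or an overflow into the sign bit, both undefined; decode as `len = (ulong)(unsigned char)buf[0] << 24;` and likewise for the other three bytes, which also makes the masks unnecessary. The readn check treats negative as error but the strcmp branch can return a positive value, so confirm which sentinel callers test for; readmsg's body continues past the hunk.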
--