s3:lib: Fix undefined behavior in messages_dgm

source3/lib/messages_dgm.c:1290:7: runtime error: variable length array
bound evaluates to non-positive value 0

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c
index daaad9619e080c632d2250197f5b6bf7da8cfc3f..af12be8d82eb9a2c90823e0de223015742696b4f 100644 (file)
--- a/source3/lib/messages_dgm.c
+++ b/source3/lib/messages_dgm.c
@@ -1249,6 +1249,7 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
        size_t msgbufsize = msghdr_prep_recv_fds(NULL, NULL, 0, INT8_MAX);
        uint8_t msgbuf[msgbufsize];
        uint8_t buf[MESSAGING_DGM_FRAGMENT_LENGTH];
+       size_t num_fds;
 
        messaging_dgm_validate(ctx);
 
@@ -1284,8 +1285,12 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
                return;
        }
 
-       {
-               size_t num_fds = msghdr_extract_fds(&msg, NULL, 0);
+       num_fds = msghdr_extract_fds(&msg, NULL, 0);
+       if (num_fds == 0) {
+               int fds[1];
+
+               messaging_dgm_recv(ctx, ev, buf, received, fds, 0);
+       } else {
                size_t i;
                int fds[num_fds];
 
@@ -1303,7 +1308,6 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
 
                messaging_dgm_recv(ctx, ev, buf, received, fds, num_fds);
        }
-
 }
 
 static int messaging_dgm_in_msg_destructor(struct messaging_dgm_in_msg *m)