socket_wrapper: fix crash bug in swrap_readv/writev

author Stefan Metzmacher <metze@samba.org>

Wed, 8 Apr 2009 17:08:34 +0000 (19:08 +0200)

committer Stefan Metzmacher <metze@samba.org>

Fri, 10 Apr 2009 17:38:29 +0000 (19:38 +0200)
author Stefan Metzmacher <metze@samba.org>
Wed, 8 Apr 2009 17:08:34 +0000 (19:08 +0200)
committer Stefan Metzmacher <metze@samba.org>
Fri, 10 Apr 2009 17:38:29 +0000 (19:38 +0200)
diff --git a/lib/socket_wrapper/socket_wrapper.c b/lib/socket_wrapper/socket_wrapper.c

index 553827b1922103dba6851ab24506f6d8d092f274..d3853de50d0c4b64995e3aeea5ed1b2d4869def8 100644 (file)
--- a/lib/socket_wrapper/socket_wrapper.c
+++ b/lib/socket_wrapper/socket_wrapper.c
@@ -2101,6 +2101,7 @@ int swrap_readv(int s, const struct iovec *vector, size_t count)
                 uint8_t *buf;
                 off_t ofs = 0;
                 size_t i;
+               size_t remain = ret;
  
                 /* we capture it as one single packet */
                 buf = (uint8_t *)malloc(ret);
@@ -2111,10 +2112,12 @@ int swrap_readv(int s, const struct iovec *vector, size_t count)
                 }
  
                 for (i=0; i < count; i++) {
+                       size_t this_time = MIN(remain, vector[i].iov_len);
                         memcpy(buf + ofs,
                                vector[i].iov_base,
-                              vector[i].iov_len);
-                       ofs += vector[i].iov_len;
+                              this_time);
+                       ofs += this_time;
+                       remain -= this_time;
                 }
  
                 swrap_dump_packet(si, NULL, SWRAP_RECV, buf, ret);
@@ -2161,6 +2164,7 @@ int swrap_writev(int s, const struct iovec *vector, size_t count)
                 uint8_t *buf;
                 off_t ofs = 0;
                 size_t i;
+               size_t remain = ret;
  
                 /* we capture it as one single packet */
                 buf = (uint8_t *)malloc(ret);
@@ -2171,10 +2175,12 @@ int swrap_writev(int s, const struct iovec *vector, size_t count)
                 }
  
                 for (i=0; i < count; i++) {
+                       size_t this_time = MIN(remain, vector[i].iov_len);
                         memcpy(buf + ofs,
                                vector[i].iov_base,
-                              vector[i].iov_len);
-                       ofs += vector[i].iov_len;
+                              this_time);
+                       ofs += this_time;
+                       remain -= this_time;
                 }
  
                 swrap_dump_packet(si, NULL, SWRAP_SEND, buf, ret);
author	Stefan Metzmacher <metze@samba.org>
	Wed, 8 Apr 2009 17:08:34 +0000 (19:08 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 10 Apr 2009 17:38:29 +0000 (19:38 +0200)