diff options
| author | 2010-06-13 18:48:27 +0200 | |
|---|---|---|
| committer | 2010-06-13 18:48:27 +0200 | |
| commit | 713cfb3d145f9db242138405f16d4ab225e8ba04 (patch) | |
| tree | db3230f6e2099f1d5630e8042386fe5fc0067c10 /daemon | |
| parent | e1da26918aa8eb025cf18216efce61b2b4cf64b8 (diff) | |
| download | usbmuxd-713cfb3d145f9db242138405f16d4ab225e8ba04.tar.gz usbmuxd-713cfb3d145f9db242138405f16d4ab225e8ba04.tar.bz2 | |
Abort processing for some client errors (instead of crashing)
Missing 'return' statements caused the code to keep running on a
deallocated client, which would cause the server to crash.
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/client.c | 3 | 
1 files changed, 3 insertions, 0 deletions
| diff --git a/daemon/client.c b/daemon/client.c index 80bc0c7..ac1045a 100644 --- a/daemon/client.c +++ b/daemon/client.c @@ -520,14 +520,17 @@ static void process_recv(struct mux_client *client)  		usbmuxd_log(LL_INFO, "Client %d version mismatch: expected %d, got %d", client->fd, USBMUXD_PROTOCOL_VERSION, hdr->version);  #endif  		client_close(client); +		return;  	}  	if(hdr->length > client->ib_capacity) {  		usbmuxd_log(LL_INFO, "Client %d message is too long (%d bytes)", client->fd, hdr->length);  		client_close(client); +		return;  	}  	if(hdr->length < sizeof(struct usbmuxd_header)) {  		usbmuxd_log(LL_ERROR, "Client %d message is too short (%d bytes)", client->fd, hdr->length);  		client_close(client); +		return;  	}  	if(client->ib_size < hdr->length) {  		if(did_read) | 
