
Added an overflow check on the socket receive data buffer

git-svn-id: svn://kolibrios.org@1019 a494cfbc-eb01-0410-851d-a64ba20cac60
Evgeny Grechnikov (Diamond) 2009-02-01 11:26:47 +00:00
parent f8317039fb
commit e1573dd58e
2 changed files with 35 additions and 9 deletions
kernel/trunk/network


@ -54,6 +54,7 @@ struct SOCKET
.SEG_LEN dd ? ; segment length
.SEG_WND dd ? ; segment window
.wndsizeTimer dd ? ; window size timer
.lock dd ? ; lock mutex
.rxData dd ? ; receive data buffer here
ends
@ -600,15 +601,18 @@ proc socket_read stdcall
or eax, eax
jz .error
lea ebx, [eax + SOCKET.lock]
call wait_mutex
mov ebx, eax
mov eax, [ebx + SOCKET.rxDataCount] ; get count of bytes
test eax, eax
jz .error
jz .error_release
dec eax
mov esi, ebx ; esi is address of socket
mov [ebx + SOCKET.rxDataCount], eax ; store new count
movzx ebx, byte[ebx + SOCKET.rxData] ; get the byte
movzx eax, byte[ebx + SOCKET.rxData] ; get the byte
mov ecx, SOCKETBUFFSIZE - SOCKET.rxData - 1
lea edi, [esi + SOCKET.rxData]
@ -621,8 +625,13 @@ proc socket_read stdcall
and ecx, 3
rep movsb
mov [ebx + SOCKET.lock], 0
mov ebx, eax
ret
.error_release:
mov [ebx + SOCKET.lock], 0
.error:
xor ebx, ebx
ret
@ -645,6 +654,9 @@ proc socket_read_packet stdcall
or eax, eax
jz .error
lea ebx, [eax + SOCKET.lock]
call wait_mutex
mov ebx, eax
mov eax, [ebx + SOCKET.rxDataCount] ; get count of bytes
test eax, eax ; if count of bytes is zero..
@ -675,6 +687,7 @@ proc socket_read_packet stdcall
rep movsb ; copy remaining bytes
.exit:
mov [ebx + SOCKET.lock], 0
ret ; at last, exit
.error:
@ -685,6 +698,7 @@ proc socket_read_packet stdcall
xor esi, esi
mov [ebx + SOCKET.rxDataCount], esi ; store new count (zero)
call .start_copy
mov [ebx + SOCKET.lock], 0
ret
.start_copy:
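Review bot: `mov ebx, eax` immediately after `call wait_mutex` (in both socket_read and socket_read_packet) relies on wait_mutex preserving eax, the socket address, and nothing in the hunk records that contract; a comment at each call site, `; wait_mutex must preserve eax (socket address) - reloaded into ebx below`, would keep a later change to wait_mutex from silently operating on the wrong socket. The unlock is a bare `mov [ebx + SOCKET.lock], 0` repeated on four exit paths in these hunks alone; a small `socket_unlock` macro or a single exit label would make a forgotten release on a future path harder to introduce. The pre-lock `jz .error` in socket_read correctly skips the release while the post-lock path goes through `.error_release`, which deserves a one-line comment on `.error:` such as `; reached only before the lock is taken`; the `.error` path of socket_read_packet lies between the hunks and presumably has the same constraint. Both procedures extend beyond the visible hunks.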


@ -921,7 +921,7 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
movzx ecx, [edx + IP_PACKET.TotalLength]
xchg cl, ch
sub ecx, 40 ; Discard 40 bytes of header
jnz .data ; Read data, if any
ja .data ; Read data, if any
; If we had received a fin, we need to ACK it.
cmp [ebx + SOCKET.TCBState], TCB_CLOSE_WAIT
@ -929,14 +929,19 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
jmp .exit
.data:
push ebx
add ebx, SOCKET.lock
call wait_mutex
pop ebx
push ecx
push [ebx + SOCKET.PID] ; get socket owner PID
mov eax, [ebx + SOCKET.rxDataCount]
add eax, ecx
cmp eax, SOCKETBUFFSIZE - SOCKETHEADERSIZE
ja .overflow
add [ebx + SOCKET.rxDataCount], ecx ; increment the count of bytes in buffer
mov eax, [ebx + SOCKET.PID] ; get socket owner PID
push eax
mov eax, [ebx + SOCKET.rxDataCount] ; get # of bytes already in buffer
mov [ebx + SOCKET.rxDataCount], eax ; increment the count of bytes in buffer
; point to the location to store the data
lea edi, [ebx + eax + SOCKETHEADERSIZE]
@ -947,6 +952,7 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
cld
rep movsb ; copy the data across
mov [ebx + SOCKET.lock], 0 ; release mutex
; flag an event to the application
pop eax
@ -1001,6 +1007,12 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
.exit:
ret
.overflow:
; no place in buffer
; so simply restore stack and exit
pop eax ecx
mov [ebx + SOCKET.lock], 0
ret
endp
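Review bot: `.overflow` unwinds with `pop eax ecx`, which is balanced only if both `push ecx` and the PID push have executed before `ja .overflow`; the rendering shows the PID pushed both before the check (`push [ebx + SOCKET.PID]`) and after it (`mov eax, [ebx + SOCKET.PID]` / `push eax`), so whichever is the new side decides whether the early exit pops one dword too many and `ret` leaves with a corrupted stack — a condition a peer can trigger, since ecx comes straight from the packet's IP TotalLength. The same ordering decides what eax holds at `lea edi, [ebx + eax + SOCKETHEADERSIZE]`: it must be the pre-increment count, not the `add eax, ecx` sum used for the bound, or the payload lands ecx bytes past the end of the existing data. I'd pin this with a comment at `.overflow`: `; stack here: [PID][ecx] - must match the two pushes before 'ja .overflow'`. Also worth confirming that SOCKETHEADERSIZE tracks SOCKET.rxData, since this commit inserts `.lock` ahead of `.rxData` and socket_read indexes the buffer by `SOCKET.rxData` while this bound and store use SOCKETHEADERSIZE. stateTCB_ESTABLISHED's body continues outside these hunks.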