added check of overflow in socket data buffer
git-svn-id: svn://kolibrios.org@1019 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
parent
f8317039fb
commit
e1573dd58e
@ -54,6 +54,7 @@ struct SOCKET
|
||||
.SEG_LEN dd ? ; segment length
|
||||
.SEG_WND dd ? ; segment window
|
||||
.wndsizeTimer dd ? ; window size timer
|
||||
.lock dd ? ; lock mutex
|
||||
.rxData dd ? ; receive data buffer here
|
||||
ends
|
||||
|
||||
@ -600,15 +601,18 @@ proc socket_read stdcall
|
||||
or eax, eax
|
||||
jz .error
|
||||
|
||||
lea ebx, [eax + SOCKET.lock]
|
||||
call wait_mutex
|
||||
|
||||
mov ebx, eax
|
||||
mov eax, [ebx + SOCKET.rxDataCount] ; get count of bytes
|
||||
test eax, eax
|
||||
jz .error
|
||||
jz .error_release
|
||||
|
||||
dec eax
|
||||
mov esi, ebx ; esi is address of socket
|
||||
mov [ebx + SOCKET.rxDataCount], eax ; store new count
|
||||
movzx ebx, byte[ebx + SOCKET.rxData] ; get the byte
|
||||
movzx eax, byte[ebx + SOCKET.rxData] ; get the byte
|
||||
|
||||
mov ecx, SOCKETBUFFSIZE - SOCKET.rxData - 1
|
||||
lea edi, [esi + SOCKET.rxData]
|
||||
@ -621,8 +625,13 @@ proc socket_read stdcall
|
||||
and ecx, 3
|
||||
rep movsb
|
||||
|
||||
mov [ebx + SOCKET.lock], 0
|
||||
mov ebx, eax
|
||||
|
||||
ret
|
||||
|
||||
.error_release:
|
||||
mov [ebx + SOCKET.lock], 0
|
||||
.error:
|
||||
xor ebx, ebx
|
||||
ret
|
||||
@ -645,6 +654,9 @@ proc socket_read_packet stdcall
|
||||
or eax, eax
|
||||
jz .error
|
||||
|
||||
lea ebx, [eax + SOCKET.lock]
|
||||
call wait_mutex
|
||||
|
||||
mov ebx, eax
|
||||
mov eax, [ebx + SOCKET.rxDataCount] ; get count of bytes
|
||||
test eax, eax ; if count of bytes is zero..
|
||||
@ -675,6 +687,7 @@ proc socket_read_packet stdcall
|
||||
rep movsb ; copy remaining bytes
|
||||
|
||||
.exit:
|
||||
mov [ebx + SOCKET.lock], 0
|
||||
ret ; at last, exit
|
||||
|
||||
.error:
|
||||
@ -685,6 +698,7 @@ proc socket_read_packet stdcall
|
||||
xor esi, esi
|
||||
mov [ebx + SOCKET.rxDataCount], esi ; store new count (zero)
|
||||
call .start_copy
|
||||
mov [ebx + SOCKET.lock], 0
|
||||
ret
|
||||
|
||||
.start_copy:
|
||||
|
@ -921,7 +921,7 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
|
||||
movzx ecx, [edx + IP_PACKET.TotalLength]
|
||||
xchg cl, ch
|
||||
sub ecx, 40 ; Discard 40 bytes of header
|
||||
jnz .data ; Read data, if any
|
||||
ja .data ; Read data, if any
|
||||
|
||||
; If we had received a fin, we need to ACK it.
|
||||
cmp [ebx + SOCKET.TCBState], TCB_CLOSE_WAIT
|
||||
@ -929,14 +929,19 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
|
||||
jmp .exit
|
||||
|
||||
.data:
|
||||
push ebx
|
||||
add ebx, SOCKET.lock
|
||||
call wait_mutex
|
||||
pop ebx
|
||||
|
||||
push ecx
|
||||
push [ebx + SOCKET.PID] ; get socket owner PID
|
||||
mov eax, [ebx + SOCKET.rxDataCount]
|
||||
add eax, ecx
|
||||
cmp eax, SOCKETBUFFSIZE - SOCKETHEADERSIZE
|
||||
ja .overflow
|
||||
|
||||
add [ebx + SOCKET.rxDataCount], ecx ; increment the count of bytes in buffer
|
||||
|
||||
mov eax, [ebx + SOCKET.PID] ; get socket owner PID
|
||||
push eax
|
||||
|
||||
mov eax, [ebx + SOCKET.rxDataCount] ; get # of bytes already in buffer
|
||||
mov [ebx + SOCKET.rxDataCount], eax ; increment the count of bytes in buffer
|
||||
|
||||
; point to the location to store the data
|
||||
lea edi, [ebx + eax + SOCKETHEADERSIZE]
|
||||
@ -947,6 +952,7 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
|
||||
|
||||
cld
|
||||
rep movsb ; copy the data across
|
||||
mov [ebx + SOCKET.lock], 0 ; release mutex
|
||||
|
||||
; flag an event to the application
|
||||
pop eax
|
||||
@ -1001,6 +1007,12 @@ proc stateTCB_ESTABLISHED stdcall, sockAddr:DWORD
|
||||
|
||||
.exit:
|
||||
ret
|
||||
.overflow:
|
||||
; no place in buffer
|
||||
; so simply restore stack and exit
|
||||
pop eax ecx
|
||||
mov [ebx + SOCKET.lock], 0
|
||||
ret
|
||||
endp
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user