diff options
| author | joeh <joeh@ae88bc3d-4319-0410-8dbf-d08b4c9d3795> | 2001-04-10 21:36:21 +0000 |
|---|---|---|
| committer | joeh <joeh@ae88bc3d-4319-0410-8dbf-d08b4c9d3795> | 2001-04-10 21:36:21 +0000 |
| commit | 46680e72335b060a28a8e02590a71155f5132ac4 (patch) | |
| tree | b8e1f98dacbc0f0447cc508f65373b4ab0907fe3 /ace | |
| parent | df53cf11b473ad00d1fc0a65a59577ba7f493614 (diff) | |
| download | ATCD-46680e72335b060a28a8e02590a71155f5132ac4.tar.gz | |
Tue Apr 10 16:33:42 2001 Joe Hoffert <joeh@cs.wustl.edu>
Diffstat (limited to 'ace')
| -rw-r--r-- | ace/CDR_Stream.cpp | 37 | ||||
| -rw-r--r-- | ace/CDR_Stream.i | 60 |
2 files changed, 95 insertions, 2 deletions
diff --git a/ace/CDR_Stream.cpp b/ace/CDR_Stream.cpp index a7b5f27eb11..2009e3f983b 100644 --- a/ace/CDR_Stream.cpp +++ b/ace/CDR_Stream.cpp @@ -652,7 +652,10 @@ ACE_InputCDR::read_string (char *&x) ACE_CDR::ULong len; this->read_ulong (len); - if (len > 0) + // A check for the length being too great is done later in the + // call to read_char_array but we want to have it done before + // the memory is allocated. + if (len > 0 && len <= this->length()) { ACE_NEW_RETURN (x, ACE_CDR::Char[len], @@ -661,6 +664,16 @@ ACE_InputCDR::read_string (char *&x) return 1; delete [] x; } + else if (len == 0) + { + // Convert any null strings to empty strings since empty + // strings can cause crashes. (See bug 58.) + ACE_NEW_RETURN (x, + ACE_CDR::Char[1], + 0); + ACE_OS::strcpy(x, ""); + return 1; + } x = 0; return 0; @@ -692,7 +705,10 @@ ACE_InputCDR::read_wstring (ACE_CDR::WChar*& x) ACE_CDR::ULong len; this->read_ulong (len); - if (this->good_bit()) + // A check for the length being too great is done later in the + // call to read_char_array but we want to have it done before + // the memory is allocated. + if (len > 0 && len <= this->length()) { ACE_NEW_RETURN (x, ACE_CDR::WChar[len], @@ -702,6 +718,17 @@ ACE_InputCDR::read_wstring (ACE_CDR::WChar*& x) delete [] x; } + else if (len == 0) + { + // Convert any null strings to empty strings since empty + // strings can cause crashes. (See bug 58.) + ACE_NEW_RETURN (x, + ACE_CDR::WChar[1], + 0); + ACE_OS::memcpy(x, "", 2); + return 1; + } + x = 0; return 0; } @@ -715,6 +742,7 @@ ACE_InputCDR::read_array (void* x, if (length == 0) return 1; char* buf; + if (this->adjust (size * length, align, buf) == 0) { #if defined (ACE_DISABLE_SWAP_ON_READ) @@ -757,6 +785,11 @@ ACE_CDR::Boolean ACE_InputCDR::read_boolean_array (ACE_CDR::Boolean *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + // It is hard to optimize this, the spec requires that on the wire // booleans be represented as a byte with value 0 or 1, but in // memoery it is possible (though very unlikely) that a boolean has diff --git a/ace/CDR_Stream.i b/ace/CDR_Stream.i index b790166fcdf..e05b8685cdb 100644 --- a/ace/CDR_Stream.i +++ b/ace/CDR_Stream.i @@ -564,6 +564,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_char_array (ACE_CDR::Char* x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + if (this->char_translator_ == 0) return this->read_array (x, ACE_CDR::OCTET_SIZE, @@ -576,6 +581,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_wchar_array (ACE_CDR::WChar* x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + if (this->wchar_translator_ == 0) return this->read_array (x, ACE_CDR::SHORT_SIZE, @@ -588,6 +598,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_octet_array (ACE_CDR::Octet* x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::OCTET_SIZE, ACE_CDR::OCTET_ALIGN, @@ -598,6 +613,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_short_array (ACE_CDR::Short *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::SHORT_SIZE, ACE_CDR::SHORT_ALIGN, @@ -608,6 +628,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_ushort_array (ACE_CDR::UShort *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::SHORT_SIZE, ACE_CDR::SHORT_ALIGN, @@ -618,6 +643,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_long_array (ACE_CDR::Long *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONG_SIZE, ACE_CDR::LONG_ALIGN, @@ -628,6 +658,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_ulong_array (ACE_CDR::ULong *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONG_SIZE, ACE_CDR::LONG_ALIGN, @@ -638,6 +673,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_longlong_array (ACE_CDR::LongLong *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONGLONG_SIZE, ACE_CDR::LONGLONG_ALIGN, @@ -648,6 +688,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_ulonglong_array (ACE_CDR::ULongLong *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONGLONG_SIZE, ACE_CDR::LONGLONG_ALIGN, @@ -658,6 +703,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_float_array (ACE_CDR::Float *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONG_SIZE, ACE_CDR::LONG_ALIGN, @@ -669,6 +719,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_double_array (ACE_CDR::Double *x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONGLONG_SIZE, ACE_CDR::LONGLONG_ALIGN, @@ -679,6 +734,11 @@ ACE_INLINE ACE_CDR::Boolean ACE_InputCDR::read_longdouble_array (ACE_CDR::LongDouble* x, ACE_CDR::ULong length) { + // Make sure the length of the array isn't greater than the length of + // the stream. + if (length > this->length()) + return 0; + return this->read_array (x, ACE_CDR::LONGDOUBLE_SIZE, ACE_CDR::LONGDOUBLE_ALIGN, |