fix parse: fix read user's dlen cause seg fault

openbfdev · Mar 1, 2024 · 5e53cb2 · 5e53cb2
1 parent 2a2a275
commit 5e53cb2
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 14 deletions.
diff --git a/src/adb/xdbd_adb.c b/src/adb/xdbd_adb.c
@@ -57,25 +57,17 @@ size_t xdbd_adb_read_adb_header(xdbd_adb_request_t *r) {
 
 int xdbd_adb_parse_adb_header(xdbd_adb_request_t *r, xdbd_buf_t *b) {
     ssize_t n;
-
+    xdbd_adb_packet_t *p;
     n = xdbd_buf_size(b);
 
     if (n < sizeof(xdbd_adb_header_t)) {
         return XDBD_AGAIN;
     }
 
-    xdbd_memcpy(&r->h, b->start, sizeof(xdbd_adb_header_t));
-
-    r->p = xdbd_pcalloc(r->temp_pool, sizeof(xdbd_adb_packet_t));
-    if (r->p == NULL) {
-        return XDBD_ERR;
-    }
-
-    r->p->payload = xdbd_create_buf(r->temp_pool, r->h.dlen);
-    if (r->p->payload == NULL) {
-        return XDBD_ERR;
-    }
+    p = r->p;
 
+    xdbd_memcpy(&r->h, b->start, sizeof(xdbd_adb_header_t));
+    p->header = r->h;
 
     r->buffer->pos += sizeof(xdbd_adb_header_t);
     return XDBD_OK;
@@ -123,8 +115,6 @@ size_t xdbd_adb_read_adb_payload(xdbd_adb_request_t *r) {
 }
 
 int xdbd_adb_parse_adb_payload(xdbd_adb_request_t *r, xdbd_buf_t *b) {
-    r->p->header = r->h;
-
     xdbd_buf_append_buf(r->p->payload, r->pool, b);
 
     xdbd_dump_adb_packet(r->pool, r->p);

diff --git a/src/adb/xdbd_adb_request.c b/src/adb/xdbd_adb_request.c
@@ -1,9 +1,13 @@
+#include "adb.h"
+#include "xdbd_adb.h"
+#include "xdbd_buf.h"
 #include "xdbd_pool.h"
 #include <xdbd_adb_request.h>
 #include <connection.h>
 
 xdbd_adb_request_t *xdbd_adb_create_request(xdbd_connection_t *c) {
     xdbd_adb_request_t *r;
+    xdbd_adb_packet_t *p;
 
     r = xdbd_pcalloc(c->pool, sizeof(xdbd_adb_request_t));
     if (r == NULL) {
@@ -17,5 +21,16 @@ xdbd_adb_request_t *xdbd_adb_create_request(xdbd_connection_t *c) {
 
     r->coonection = c;
 
+    p = xdbd_pcalloc(r->pool, sizeof(xdbd_adb_packet_t));
+    if (p == NULL) {
+        return NULL;
+    }
+
+    p->payload = xdbd_create_buf(r->pool, ADB_MAX_PACKET_SIZE);
+    if (p->payload == NULL) {
+        return NULL;
+    }
+
+    r->p = p;
     return r;
 }
diff --git a/src/xdbd.c b/src/xdbd.c
@@ -1,3 +1,4 @@
+#include "bfdev/log.h"
 #include <xdbd_event.h>
 #include <bfdev/list.h>
 #include <bfdev.h>