From d9397119c5d31daeb10a83afb6cc02f3b40878b1 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 2 Jan 2009 23:51:57 +0000 Subject: [PATCH] ead: message handling fixes SVN-Revision: 13828 --- package/ead/src/ead-client.c | 5 ++++- package/ead/src/ead.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/package/ead/src/ead-client.c b/package/ead/src/ead-client.c index 111dc8ac63..14e04c40ba 100644 --- a/package/ead/src/ead-client.c +++ b/package/ead/src/ead-client.c @@ -143,7 +143,10 @@ static bool handle_pong(void) { struct ead_msg_pong *pong = EAD_DATA(msg, pong); - int len = msg->len - sizeof(struct ead_msg_pong); + int len = ntohl(msg->len) - sizeof(struct ead_msg_pong); + + if (len <= 0) + return false; pong->name[len] = 0; auth_type = ntohs(pong->auth_type); diff --git a/package/ead/src/ead.c b/package/ead/src/ead.c index 7367c38658..c4d3dd9f41 100644 --- a/package/ead/src/ead.c +++ b/package/ead/src/ead.c @@ -330,7 +330,7 @@ handle_ping(struct ead_packet *pkt, int len, int *nstate) msg->len = htonl(sizeof(struct ead_msg_pong) + slen); strncpy(pong->name, dev_name, slen); - pong->name[len] = 0; + pong->name[slen] = 0; pong->auth_type = htons(EAD_AUTH_MD5); return true;