ead: message handling fixes

SVN-Revision: 13828

diff --git a/package/ead/src/ead-client.c b/package/ead/src/ead-client.c
index 111dc8ac635aa8f2db9aed787dbfab552e233bb1..14e04c40ba94e36af134be57b715fd1e1438f123 100644 (file)
--- a/package/ead/src/ead-client.c
+++ b/package/ead/src/ead-client.c
@@ -143,7 +143,10 @@ static bool
 handle_pong(void)
 {
        struct ead_msg_pong *pong = EAD_DATA(msg, pong);
 handle_pong(void)
 {
        struct ead_msg_pong *pong = EAD_DATA(msg, pong);

-       int len = msg->len - sizeof(struct ead_msg_pong);
+       int len = ntohl(msg->len) - sizeof(struct ead_msg_pong);
+
+       if (len <= 0)
+               return false;

 
        pong->name[len] = 0;
        auth_type = ntohs(pong->auth_type);
 
        pong->name[len] = 0;
        auth_type = ntohs(pong->auth_type);

diff --git a/package/ead/src/ead.c b/package/ead/src/ead.c
index 7367c386580feb277fe0f82eb508d5683fd13497..c4d3dd9f4164f7bf6c149a4096b950e9486e54cb 100644 (file)
--- a/package/ead/src/ead.c
+++ b/package/ead/src/ead.c
@@ -330,7 +330,7 @@ handle_ping(struct ead_packet *pkt, int len, int *nstate)
 
        msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
        strncpy(pong->name, dev_name, slen);
 
        msg->len = htonl(sizeof(struct ead_msg_pong) + slen);
        strncpy(pong->name, dev_name, slen);

-       pong->name[len] = 0;
+       pong->name[slen] = 0;

        pong->auth_type = htons(EAD_AUTH_MD5);
 
        return true;
        pong->auth_type = htons(EAD_AUTH_MD5);
 
        return true;