--- libaitrpc/src/cli.c 2010/06/28 17:10:39 1.1.1.1.2.4
+++ libaitrpc/src/cli.c 2011/05/02 23:07:55 1.1.1.1.2.9
@@ -3,9 +3,46 @@
 * by Michael Pounov
 *
 * $Author: misho $
-* $Id: cli.c,v 1.1.1.1.2.4 2010/06/28 17:10:39 misho Exp $
+* $Id: cli.c,v 1.1.1.1.2.9 2011/05/02 23:07:55 misho Exp $
 *
-*************************************************************************/
+**************************************************************************
+The ELWIX and AITNET software is distributed under the following
+terms:
+
+All of the documentation and software included in the ELWIX and AITNET
+Releases is copyrighted by ELWIX - Sofia/Bulgaria
+
+Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
+ by Michael Pounov . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+This product includes software developed by Michael Pounov
+ELWIX - Embedded LightWeight unIX and its contributors.
+4. Neither the name of AITNET nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY AITNET AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. +*/ #include "global.h" @@ -263,8 +300,8 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, memcpy(data, in_vals[i].val.string, in_vals[i].val_len); v[i].val.string = (int8_t*) ((void*) data - (void*) v); - data += in_vals[i].val_len; - Limit += in_vals[i].val_len; + data += in_vals[i].val_len + 1; + Limit += in_vals[i].val_len + 1; break; default: break; @@ -280,7 +317,7 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, return -1; } if (ret != Limit) { - rpc_SetErr(EBADMSG, "Error:: in send RPC request, should be send %d bytes, really is %d\n", + rpc_SetErr(ECANCELED, "Error:: in send RPC request, should be send %d bytes, really is %d\n", Limit, ret); return -9; } @@ -300,7 +337,7 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, } if (!ret) // receive EOF return 0; - if (ret < sizeof(struct tagRPCCall)) { + if (ret < sizeof(struct tagRPCRet)) { rpc_SetErr(EMSGSIZE, "Error:: too short RPC packet ...\n"); return -4; } else 
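Review bot: In the string case of the `@@ -263,8 +300,8 @@` hunk, the terminator byte that `data += in_vals[i].val_len + 1` now reserves is never written, because the `memcpy` above it copies only `val_len` bytes. Unless `buf` is zeroed before the loop (not visible here), the request carries whatever byte the buffer already held, so the peer can receive an unterminated string and a stale byte leaves the process. Writing it explicitly right after the `memcpy`, `data[in_vals[i].val_len] = 0;`, removes that dependency. The loop starts outside the hunk, so also confirm that something bounds `Limit` against the size of the send buffer as strings are appended.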
@@ -309,11 +346,18 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, if (memcmp(&rrpc->ret_session, cli->cli_parent, sizeof rrpc->ret_session)) { rpc_SetErr(EINVAL, "Error:: get invalid RPC session ...\n"); return -5; - } + } else + Limit = sizeof(struct tagRPCRet); if (rrpc->ret_retcode < 0 && rrpc->ret_errno) { - rpc_SetErr(rrpc->ret_errno, "Error::Server side: %s\n", strerror(rrpc->ret_errno)); + rpc_SetErr(rrpc->ret_errno, "Error::Server side: %d %s\n", + rrpc->ret_retcode, strerror(rrpc->ret_errno)); return -6; } + if (rrpc->ret_argc * sizeof(rpc_val_t) > BUFSIZ - Limit) { + rpc_SetErr(EMSGSIZE, "Error:: reply RPC packet is too big ...\n"); + return -7; + } else + Limit += rrpc->ret_argc * sizeof(rpc_val_t); // RPC is OK! Go decapsulate variables ... if (rrpc->ret_argc) { *out_argc = rrpc->ret_argc; @@ -323,13 +367,21 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, *out_argc = 0; return -1; } else - Limit = rrpc->ret_argc * sizeof(rpc_val_t); - memcpy(*out_vals, buf + sizeof(struct tagRPCRet), Limit); + memcpy(*out_vals, buf + sizeof(struct tagRPCRet), Limit - sizeof(struct tagRPCRet)); // RPC received variables types OK! - data = (u_char*) buf + sizeof(struct tagRPCRet) + Limit; + data = (u_char*) buf + Limit; for (i = 0; i < rrpc->ret_argc; i++) switch ((*out_vals)[i].val_type) { case buffer: + if ((*out_vals)[i].val_len > BUFSIZ - Limit) { + rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n"); + free(*out_vals); + *out_vals = NULL; + *out_argc = 0; + return -7; + } else + Limit += (*out_vals)[i].val_len; + (*out_vals)[i].val.buffer = malloc((*out_vals)[i].val_len); if (!(*out_vals)[i].val.buffer) { rpc_SetErr(errno, "Error:: in prepare RPC reply ...\n"); 
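Review bot: In the `@@ -309,11 +346,18 @@` hunk the new size check bounds the reply against `BUFSIZ` rather than against `ret`, the number of bytes actually received. A short reply that declares a large `ret_argc` still passes `rrpc->ret_argc * sizeof(rpc_val_t) > BUFSIZ - Limit`, and the later `memcpy` into `*out_vals` then takes bytes the peer never sent (stale buffer contents unless `buf` is cleared, which is not visible here). Comparing with the received length, `if (rrpc->ret_argc * sizeof(rpc_val_t) > (size_t) ret - Limit)`, ties parsing to the actual packet. The `val_len` checks added in the `buffer` and `string` cases of the `@@ -323,13 +367,21 @@` and `@@ -342,6 +394,15 @@` hunks have the same limit and need the same change. The check also presumes `buf` holds at least `BUFSIZ` bytes; its declaration is outside the hunk.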
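Review bot: The new `return -7` path in `case buffer:` (`@@ -323,13 +367,21 @@`) frees `*out_vals` but not the `val.buffer` and `val.string` blocks that earlier iterations already allocated, so a reply rejected at a later element leaks them. The identical path added to `case string:` in `@@ -342,6 +394,15 @@` has the same gap. Releasing the elements below `i` before `free(*out_vals)` covers both; the sketch assumes `buffer` and `string` are the only types that allocate, which the visible part of the switch suggests but does not prove. If `val_len` is a signed type, a negative value also passes `val_len > BUFSIZ - Limit`; its declaration is outside the hunk.

```c
	if ((*out_vals)[i].val_len > BUFSIZ - Limit) {
		rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
		/* release what earlier iterations already allocated */
		while (i-- > 0)
			if ((*out_vals)[i].val_type == buffer)
				free((*out_vals)[i].val.buffer);
			else if ((*out_vals)[i].val_type == string)
				free((*out_vals)[i].val.string);
		free(*out_vals);
		// … unchanged: reset *out_vals and *out_argc, return -7 …
```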
@@ -342,6 +394,15 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, data += (*out_vals)[i].val_len; break; case string: + if ((*out_vals)[i].val_len + 1 > BUFSIZ - Limit) { + rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n"); + free(*out_vals); + *out_vals = NULL; + *out_argc = 0; + return -7; + } else + Limit += (*out_vals)[i].val_len + 1; + (*out_vals)[i].val.string = (int8_t*) strdup((char*) data); if (!(*out_vals)[i].val.string) { rpc_SetErr(errno, "Error:: in prepare RPC reply ...\n"); @@ -349,6 +410,9 @@ rpc_cli_execCall(rpc_cli_t *cli, const char *csModule, *out_vals = NULL; *out_argc = 0; return -1; + } else { + /* sanity check ... preserve null byte */ + (*out_vals)[i].val.string[(*out_vals)[i].val_len] = 0; } data += (*out_vals)[i].val_len + 1; break;
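Review bot: The terminator write added in `@@ -349,6 +410,9 @@`, `(*out_vals)[i].val.string[(*out_vals)[i].val_len] = 0;`, indexes by the length the peer declared, while the block it writes into was sized by `strdup((char*) data)` (context of `@@ -342,6 +394,15 @@`), that is, by the first NUL found in the buffer. When `val_len` is larger than that string, the store lands outside the allocation, and `strdup` itself is not limited to the region the new `val_len + 1 > BUFSIZ - Limit` check covers. Copying by the declared length fixes both: `(*out_vals)[i].val.string = (int8_t*) strndup((char*) data, (*out_vals)[i].val_len);`. With that, the explicit write can go, since `strndup` always terminates its result.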