--- libaitrpc/src/srv.c	2011/03/15 16:48:31	1.1.1.1.2.24
+++ libaitrpc/src/srv.c	2011/08/18 15:08:03	1.3
@@ -3,9 +3,46 @@
 *  by Michael Pounov <misho@openbsd-bg.org>
 *
 * $Author: misho $
-* $Id: srv.c,v 1.1.1.1.2.24 2011/03/15 16:48:31 misho Exp $
+* $Id: srv.c,v 1.3 2011/08/18 15:08:03 misho Exp $
 *
-*************************************************************************/
+**************************************************************************
+The ELWIX and AITNET software is distributed under the following
+terms:
+
+All of the documentation and software included in the ELWIX and AITNET
+Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org>
+
+Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
+	by Michael Pounov <misho@elwix.org>.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+This product includes software developed by Michael Pounov <misho@elwix.org>
+ELWIX - Embedded LightWeight unIX and its contributors.
+4. Neither the name of AITNET nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY AITNET AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+*/
 #include "global.h"
 
 
@@ -15,9 +52,10 @@ rpc_srv_dispatchCall(void *arg)
 	rpc_cli_t *c = arg;
 	rpc_srv_t *s;
 	rpc_val_t *vals = NULL, *v = NULL;
-	rpc_func_t *f;
+	rpc_func_t *f = NULL;
 	struct tagRPCCall *rpc;
-	struct tagRPCRet rrpc;
+	struct tagRPCRet *rrpc;
+	rpc_sess_t ses = { 0 };
 	fd_set fds;
 	u_char buf[BUFSIZ], *data;
 	int ret, argc = 0, Limit = 0;
@@ -30,13 +68,13 @@ rpc_srv_dispatchCall(void *arg)
 		s = c->cli_parent;
 
 	do {
+		v = NULL;
 		FD_ZERO(&fds);
 		FD_SET(c->cli_sock, &fds);
 		ret = select(c->cli_sock + 1, &fds, NULL, NULL, NULL);
 		if (ret == -1) {
 			ret = -2;
 		}
-		memset(&rrpc, 0, sizeof rrpc);
 		memset(buf, 0, BUFSIZ);
 		if ((ret = recv(c->cli_sock, buf, BUFSIZ, 0)) == -1) {
 			LOGERR;
@@ -86,7 +124,7 @@ rpc_srv_dispatchCall(void *arg)
 					       	data += v[i].val_len;
 						break;
 					case string:
-						if (v[i].val_len + 1 > BUFSIZ - Limit) {
+						if (v[i].val_len > BUFSIZ - Limit) {
 							rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
 							ret = -5;
 							goto makeReply;
@@ -94,7 +132,7 @@ rpc_srv_dispatchCall(void *arg)
 							Limit += v[i].val_len;
 
 						v[i].val.string = (int8_t*) data;
-						data += v[i].val_len + 1;
+						data += v[i].val_len;
 						break;
 					case blob:
 						if (s->srv_blob.state == disable) {
@@ -110,6 +148,7 @@ rpc_srv_dispatchCall(void *arg)
 
 		argc = 0;
 		vals = NULL;
+		memcpy(&ses, &rpc->call_session, sizeof ses);
 		if (!(f = rpc_srv_getCall(s, rpc->call_tag, rpc->call_hash))) {
 			rpc_SetErr(EINVAL, "Error:: call not found into RPC server ...\n");
 			ret = -6;
@@ -118,29 +157,40 @@ rpc_srv_dispatchCall(void *arg)
 				ret = -9;
 			else
 				argc = rpc_srv_getValsCall(f, &vals);
-
 makeReply:
-		memcpy(&rrpc.ret_session, &rpc->call_session, sizeof rrpc.ret_session);
-		rrpc.ret_tag = rpc->call_tag;
-		rrpc.ret_hash = rpc->call_hash;
-		rrpc.ret_errno = rpc_Errno;
-		rrpc.ret_retcode = ret;
-		rrpc.ret_argc = argc;
-
 		memset(buf, 0, BUFSIZ);
-		memcpy(buf, &rrpc, (Limit = sizeof rrpc));
+		rrpc = (struct tagRPCRet*) buf;
+		Limit = sizeof(struct tagRPCRet);
+
+		memcpy(&rrpc->ret_session, &ses, sizeof(rpc_sess_t));
+		rrpc->ret_tag = rpc->call_tag;
+		rrpc->ret_hash = rpc->call_hash;
+		rrpc->ret_errno = rpc_Errno;
+		rrpc->ret_retcode = ret;
+		rrpc->ret_argc = argc;
+
 		if (argc && vals) {
-			v = (rpc_val_t*) (buf + sizeof rrpc);
+			v = (rpc_val_t*) (buf + Limit);
+			if (argc * sizeof(rpc_val_t) > BUFSIZ - Limit) {
+				for (i = 0; i < argc; i++)
+					RPC_FREE_VAL(&vals[i]);
+				rpc_srv_freeValsCall(f);
+				vals = NULL;
+				argc = 0;
+				ret = -7;
+				rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet values (-7) ...\n");
+				goto makeReply;
+			} else
+				Limit += argc * sizeof(rpc_val_t);
 			memcpy(v, vals, argc * sizeof(rpc_val_t));
-			Limit += argc * sizeof(rpc_val_t);
 			data = (u_char*) v + argc * sizeof(rpc_val_t);
 			for (ret = i = 0; i < argc; i++) {
 				switch (vals[i].val_type) {
 					case buffer:
 						if (ret || Limit + vals[i].val_len > BUFSIZ) {
 							rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet (-7) ...\n");
-							rrpc.ret_retcode = ret = -7;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -7;
+							rrpc->ret_argc = 0;
 							break;
 						}
 
@@ -149,22 +199,22 @@ makeReply:
 						Limit += vals[i].val_len;
 						break;
 					case string:
-						if (ret || Limit + vals[i].val_len + 1 > BUFSIZ) {
+						if (ret || Limit + vals[i].val_len > BUFSIZ) {
 							rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet (-7) ...\n");
-							rrpc.ret_retcode = ret = -7;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -7;
+							rrpc->ret_argc = 0;
 							break;
 						}
 
-						memcpy(data, vals[i].val.string, vals[i].val_len + 1);
-						data += vals[i].val_len + 1;
-						Limit += vals[i].val_len + 1;
+						memcpy(data, vals[i].val.string, vals[i].val_len);
+						data += vals[i].val_len;
+						Limit += vals[i].val_len;
 						break;
 					case blob:
 						if (s->srv_blob.state == disable) {
 							rpc_SetErr(ENOTSUP, "Error:: BLOB server is disabled\n");
-							rrpc.ret_retcode = ret = -5;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -5;
+							rrpc->ret_argc = 0;
 							break;
 						}
 					default:
@@ -173,6 +223,9 @@ makeReply:
 
 				RPC_FREE_VAL(&vals[i]);
 			}
+			rpc_srv_freeValsCall(f);
+			vals = NULL;
+			argc = 0;
 		}
 
 		if ((ret = send(c->cli_sock, buf, Limit, 0)) == -1) {
@@ -191,7 +244,7 @@ makeReply:
 	shutdown(c->cli_sock, SHUT_RDWR);
 	close(c->cli_sock);
 	memset(c, 0, sizeof(rpc_cli_t));
-	return (void*) ret;
+	return (void*) (long)ret;
 }
 
 
@@ -306,7 +359,7 @@ makeReply:
 	shutdown(c->cli_sock, SHUT_RDWR);
 	close(c->cli_sock);
 	memset(c, 0, sizeof(rpc_cli_t));
-	return (void*) ret;
+	return (void*) (long)ret;
 }
 
 // -------------------------------------------------