--- libaitrpc/src/srv.c 2010/07/07 09:29:42 1.1.1.1.2.14
+++ libaitrpc/src/srv.c 2011/05/02 23:02:44 1.1.1.1.2.25
@@ -3,7 +3,7 @@
 * by Michael Pounov
 *
 * $Author: misho $
-* $Id: srv.c,v 1.1.1.1.2.14 2010/07/07 09:29:42 misho Exp $
+* $Id: srv.c,v 1.1.1.1.2.25 2011/05/02 23:02:44 misho Exp $
 * *************************************************************************/
 #include "global.h"
@@ -58,19 +58,41 @@ rpc_srv_dispatchCall(void *arg)
 rpc_SetErr(EINVAL, "Error:: get invalid RPC session ...\n");
 ret = -5;
 goto makeReply;
- }
+ } else
+ Limit = sizeof(struct tagRPCCall);
 // RPC is OK! Go decapsulate variables ...
 if (rpc->call_argc) {
- v = (rpc_val_t*) (buf + sizeof(struct tagRPCCall));
+ v = (rpc_val_t*) (buf + Limit);
+ // check RPC packet length
+ if (rpc->call_argc * sizeof(rpc_val_t) > BUFSIZ - Limit) {
+ rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+ ret = -5;
+ goto makeReply;
+ } else
+ Limit += rpc->call_argc * sizeof(rpc_val_t);
 // RPC received variables types OK!
 data = (u_char*) v + rpc->call_argc * sizeof(rpc_val_t);
 for (i = 0; i < rpc->call_argc; i++) {
 switch (v[i].val_type) {
 case buffer:
+ if (v[i].val_len > BUFSIZ - Limit) {
+ rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+ ret = -5;
+ goto makeReply;
+ } else
+ Limit += v[i].val_len;
+
 v[i].val.buffer = data;
 data += v[i].val_len;
 break;
 case string:
+ if (v[i].val_len + 1 > BUFSIZ - Limit) {
+ rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+ ret = -5;
+ goto makeReply;
+ } else
+ Limit += v[i].val_len;
+
 v[i].val.string = (int8_t*) data;
 data += v[i].val_len + 1;
 break;
@@ -93,7 +115,7 @@ rpc_srv_dispatchCall(void *arg)
 ret = -6;
 } else if ((ret = rpc_srv_execCall(f, rpc, v)) == -1)
- ret = -6;
+ ret = -9;
 else argc = rpc_srv_getValsCall(f, &vals);
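Review bot: In the `case string:` branch the running total grows by `Limit += v[i].val_len;` while the check and the pointer advance both use `v[i].val_len + 1`, so `Limit` falls one byte behind `data` for every string argument and a later value can pass its check yet end past the buffer (assuming `buf` holds `BUFSIZ` bytes). The accounting should match the advance: `Limit += v[i].val_len + 1;`. The first check multiplies the peer-supplied `call_argc` before comparing; if its type is wide enough for the product to wrap, `rpc->call_argc > (BUFSIZ - Limit) / sizeof(rpc_val_t)` avoids that. All three checks bound against `BUFSIZ` rather than the number of bytes actually received, and nothing here verifies that a string ends in a NUL at `data[v[i].val_len]`; the receive path and the rest of rpc_srv_dispatchCall are outside the hunk.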
@@ -159,7 +181,7 @@ makeReply:
 break;
 }
 if (ret != Limit) {
- rpc_SetErr(EBADMSG, "Error:: in send RPC request, should be send %d bytes, "
+ rpc_SetErr(ECANCELED, "Error:: in send RPC request, should be send %d bytes, "
 "really is %d\n", Limit, ret);
 ret = -9;
 break;
@@ -169,7 +191,7 @@ makeReply:
 shutdown(c->cli_sock, SHUT_RDWR);
 close(c->cli_sock);
 memset(c, 0, sizeof(rpc_cli_t));
- return (void*) ret;
+ return (void*) (long)ret;
 }
@@ -179,7 +201,7 @@ rpc_srv_dispatchVars(void *arg)
 rpc_cli_t *c = arg;
 rpc_srv_t *s;
 rpc_blob_t *b;
- int cx, ret;
+ int ret;
 fd_set fds;
 u_char buf[sizeof(struct tagBLOBHdr)];
 struct tagBLOBHdr *blob;
@@ -190,7 +212,6 @@ rpc_srv_dispatchVars(void *arg)
 } else s = c->cli_parent;
- cx = -1;
 do { // check for disable service at this moment?
 if (s->srv_blob.state == disable) {
@@ -203,8 +224,8 @@ rpc_srv_dispatchVars(void *arg)
 ret = select(c->cli_sock + 1, &fds, NULL, NULL, NULL);
 if (ret == -1) {
 ret = -2;
- } else
- cx++;
+ }
+
 memset(buf, 0, sizeof buf);
 if ((ret = recv(c->cli_sock, buf, sizeof buf, 0)) == -1) {
 LOGERR;
@@ -222,9 +243,8 @@ rpc_srv_dispatchVars(void *arg)
 } else blob = (struct tagBLOBHdr*) buf;
 // check BLOB packet session info
- if (memcmp(&blob->hdr_session, &s->srv_session, sizeof blob->hdr_session) ||
- blob->hdr_seq != cx) {
- rpc_SetErr(EINVAL, "Error:: get invalid BLOB session in seq=%d...\n", blob->hdr_seq);
+ if (memcmp(&blob->hdr_session, &s->srv_session, sizeof blob->hdr_session)) {
+ rpc_SetErr(EINVAL, "Error:: get invalid BLOB session ...\n");
 ret = -5;
 goto makeReply;
 }
@@ -236,7 +256,8 @@ rpc_srv_dispatchVars(void *arg)
 blob->hdr_var);
 ret = -6;
 break;
- }
+ } else
+ blob->hdr_len = b->blob_len;
 if (rpc_srv_blobMap(s, b) != -1) {
 ret = rpc_srv_sendBLOB(c, b);
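Review bot: In the `@@ -203,8 +224,8 @@` hunk a failed `select()` now only sets `ret = -2` and then falls through to `memset`/`recv`, where `ret` is overwritten at once, so the error is never acted on. If a select failure is meant to end the client's service, the branch has to leave the loop, e.g. `ret = -2; break;`, as the other error paths visible in this function do. The loop body continues outside the hunk, so confirm that `break` reaches the shutdown/close cleanup at the end of rpc_srv_dispatchVars.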
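Review bot: In the `@@ -222,9 +243,8 @@` hunk, with `blob->hdr_seq != cx` removed, the `memcmp` against `s->srv_session` is the only validation of an incoming BLOB header visible here, and that value looks like a per-server identifier rather than a per-connection secret. A repeated or out-of-order header is therefore accepted whenever the session bytes match. If ordering is no longer part of the protocol, a comment above the check such as `// session id only identifies the RPC instance; it neither authenticates the peer nor detects replayed headers` would keep later readers from treating it as an integrity check. Whether the earlier `recv` length test guarantees a complete header before this `memcmp` is outside the hunk.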
@@ -268,14 +289,14 @@ rpc_srv_dispatchVars(void *arg)
 makeReply:
 // Replay to client!
 blob->hdr_cmd = ret < 0 ? error : ok;
- blob->hdr_seq = ret;
+ blob->hdr_ret = ret;
 if ((ret = send(c->cli_sock, buf, sizeof buf, 0)) == -1) {
 LOGERR;
 ret = -8;
 break;
 }
 if (ret != sizeof buf) {
- rpc_SetErr(EBADMSG, "Error:: in send BLOB reply, should be send %d bytes, "
+ rpc_SetErr(ECANCELED, "Error:: in send BLOB reply, should be send %d bytes, "
 "really is %d\n", sizeof buf, ret);
 ret = -9;
 break;
@@ -285,7 +306,7 @@ makeReply:
 shutdown(c->cli_sock, SHUT_RDWR);
 close(c->cli_sock);
 memset(c, 0, sizeof(rpc_cli_t));
- return (void*) ret;
+ return (void*) (long)ret;
 }
 // -------------------------------------------------
@@ -412,6 +433,7 @@ rpc_srv_endBLOBServer(rpc_srv_t * __restrict srv)
 }
 pthread_mutex_unlock(&srv->srv_blob.mtx);
+ while (pthread_mutex_trylock(&srv->srv_blob.mtx) == EBUSY);
 pthread_mutex_destroy(&srv->srv_blob.mtx);
 }
@@ -580,12 +602,12 @@ rpc_srv_initServer(u_int regProgID, u_int regProcID, i
 } else memset(srv->srv_clients, 0, srv->srv_numcli * sizeof(rpc_cli_t));
+ pthread_mutex_init(&srv->srv_mtx, NULL);
+
 rpc_srv_registerCall(srv, NULL, CALL_SRVSHUTDOWN, 0);
 rpc_srv_registerCall(srv, NULL, CALL_SRVCLIENTS, 0);
 rpc_srv_registerCall(srv, NULL, CALL_SRVCALLS, 0);
 rpc_srv_registerCall(srv, NULL, CALL_SRVSESSIONS, 0);
-
- pthread_mutex_init(&srv->srv_mtx, NULL);
 return srv;
 }
@@ -609,8 +631,10 @@ rpc_srv_endServer(rpc_srv_t * __restrict srv)
 rpc_srv_endBLOBServer(srv);
 for (i = 0, c = srv->srv_clients; i < srv->srv_numcli && c; i++, c++)
- if (c->cli_sa.sa_family)
+ if (c->cli_sa.sa_family) {
 shutdown(c->cli_sock, SHUT_RDWR);
+ close(c->cli_sock);
+ }
 close(srv->srv_server.cli_sock);
 if (srv->srv_clients) {
@@ -626,6 +650,7 @@ rpc_srv_endServer(rpc_srv_t * __restrict srv)
 }
 pthread_mutex_unlock(&srv->srv_mtx);
+ while (pthread_mutex_trylock(&srv->srv_mtx) == EBUSY);
 pthread_mutex_destroy(&srv->srv_mtx);
 free(srv);
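Review bot: In the `@@ -268,14 +289,14 @@` hunk the reworded `rpc_SetErr(ECANCELED, ...)` call still passes `sizeof buf`, a `size_t`, for a `%d` conversion on its continuation line, which is undefined where `size_t` is wider than `int` (assuming `rpc_SetErr` forwards to a printf-style formatter). Cast the argument or change the conversion, e.g. `"really is %d\n", (int) sizeof buf, ret);`. The comparison `ret != sizeof buf` just above also mixes `int` with `size_t`; it is safe only because the `-1` case is handled first.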
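Review bot: In the `@@ -412,6 +433,7 @@` hunk the added `while (pthread_mutex_trylock(&srv->srv_blob.mtx) == EBUSY);` exits as soon as this thread acquires the mutex, so the following `pthread_mutex_destroy()` runs on a locked mutex, which POSIX leaves undefined; the loop also spins at full CPU while another thread holds the lock. The same pattern is added for `srv->srv_mtx` in the last hunk, in rpc_srv_endServer. A blocking acquire and release before the destroy expresses the same wait without either problem: `pthread_mutex_lock(&srv->srv_blob.mtx); pthread_mutex_unlock(&srv->srv_blob.mtx);`. Neither form stops a thread that has not yet tried to lock, so teardown should still wait for the worker threads to finish before destroying the mutex; that part is outside the hunk.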
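Review bot: In the `@@ -609,8 +631,10 @@` hunk the new `close(c->cli_sock);` can close a descriptor that the client's dispatch thread also closes: the exits of rpc_srv_dispatchCall and rpc_srv_dispatchVars shown in this diff both call `close(c->cli_sock)` and then `memset(c, 0, sizeof(rpc_cli_t))`. If those threads are still running at this point, the second close may hit a descriptor number that has already been reused for something else. Nothing in the hunk shows the threads being joined or the slot being locked first, so either keep the thread as the only owner that closes (leaving just `shutdown()` here to wake it) or serialize both paths under `srv->srv_mtx`. The loop also reads `c->cli_sa.sa_family` without a lock while a thread may be zeroing the slot.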