--- libaitrpc/src/srv.c	2010/07/07 15:18:22	1.1.1.1.2.15
+++ libaitrpc/src/srv.c	2011/07/14 01:37:02	1.2.2.3
@@ -3,9 +3,46 @@
 *  by Michael Pounov <misho@openbsd-bg.org>
 *
 * $Author: misho $
-* $Id: srv.c,v 1.1.1.1.2.15 2010/07/07 15:18:22 misho Exp $
+* $Id: srv.c,v 1.2.2.3 2011/07/14 01:37:02 misho Exp $
 *
-*************************************************************************/
+**************************************************************************
+The ELWIX and AITNET software is distributed under the following
+terms:
+
+All of the documentation and software included in the ELWIX and AITNET
+Releases is copyrighted by ELWIX - Sofia/Bulgaria <info@elwix.org>
+
+Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
+	by Michael Pounov <misho@elwix.org>.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+This product includes software developed by Michael Pounov <misho@elwix.org>
+ELWIX - Embedded LightWeight unIX and its contributors.
+4. Neither the name of AITNET nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY AITNET AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+*/
 #include "global.h"
 
 
@@ -17,7 +54,7 @@ rpc_srv_dispatchCall(void *arg)
 	rpc_val_t *vals = NULL, *v = NULL;
 	rpc_func_t *f;
 	struct tagRPCCall *rpc;
-	struct tagRPCRet rrpc;
+	struct tagRPCRet *rrpc;
 	fd_set fds;
 	u_char buf[BUFSIZ], *data;
 	int ret, argc = 0, Limit = 0;
@@ -30,13 +67,13 @@ rpc_srv_dispatchCall(void *arg)
 		s = c->cli_parent;
 
 	do {
+		v = NULL;
 		FD_ZERO(&fds);
 		FD_SET(c->cli_sock, &fds);
 		ret = select(c->cli_sock + 1, &fds, NULL, NULL, NULL);
 		if (ret == -1) {
 			ret = -2;
 		}
-		memset(&rrpc, 0, sizeof rrpc);
 		memset(buf, 0, BUFSIZ);
 		if ((ret = recv(c->cli_sock, buf, BUFSIZ, 0)) == -1) {
 			LOGERR;
@@ -58,21 +95,43 @@ rpc_srv_dispatchCall(void *arg)
 			rpc_SetErr(EINVAL, "Error:: get invalid RPC session ...\n");
 			ret = -5;
 			goto makeReply;
-		}
+		} else
+			Limit = sizeof(struct tagRPCCall);
 		// RPC is OK! Go decapsulate variables ...
 		if (rpc->call_argc) {
-			v = (rpc_val_t*) (buf + sizeof(struct tagRPCCall));
+			v = (rpc_val_t*) (buf + Limit);
+			// check RPC packet length
+			if (rpc->call_argc * sizeof(rpc_val_t) > BUFSIZ - Limit) {
+				rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+				ret = -5;
+				goto makeReply;
+			} else
+				Limit += rpc->call_argc * sizeof(rpc_val_t);
 			// RPC received variables types OK!
 			data = (u_char*) v + rpc->call_argc * sizeof(rpc_val_t);
 			for (i = 0; i < rpc->call_argc; i++) {
 				switch (v[i].val_type) {
 					case buffer:
+						if (v[i].val_len > BUFSIZ - Limit) {
+							rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+							ret = -5;
+							goto makeReply;
+						} else
+							Limit += v[i].val_len;
+
 						v[i].val.buffer = data;
 					       	data += v[i].val_len;
 						break;
 					case string:
+						if (v[i].val_len > BUFSIZ - Limit) {
+							rpc_SetErr(EMSGSIZE, "Error:: Too big RPC packet ...\n");
+							ret = -5;
+							goto makeReply;
+						} else
+							Limit += v[i].val_len;
+
 						v[i].val.string = (int8_t*) data;
-						data += v[i].val_len + 1;
+						data += v[i].val_len;
 						break;
 					case blob:
 						if (s->srv_blob.state == disable) {
@@ -93,32 +152,44 @@ rpc_srv_dispatchCall(void *arg)
 			ret = -6;
 		} else
 			if ((ret = rpc_srv_execCall(f, rpc, v)) == -1)
-				ret = -6;
+				ret = -9;
 			else
 				argc = rpc_srv_getValsCall(f, &vals);
 
 makeReply:
-		memcpy(&rrpc.ret_session, &rpc->call_session, sizeof rrpc.ret_session);
-		rrpc.ret_tag = rpc->call_tag;
-		rrpc.ret_hash = rpc->call_hash;
-		rrpc.ret_errno = rpc_Errno;
-		rrpc.ret_retcode = ret;
-		rrpc.ret_argc = argc;
-
 		memset(buf, 0, BUFSIZ);
-		memcpy(buf, &rrpc, (Limit = sizeof rrpc));
+		rrpc = (struct tagRPCRet*) buf;
+		Limit = sizeof(struct tagRPCRet);
+
+		memcpy(&rrpc->ret_session, &rpc->call_session, sizeof rrpc->ret_session);
+		rrpc->ret_tag = rpc->call_tag;
+		rrpc->ret_hash = rpc->call_hash;
+		rrpc->ret_errno = rpc_Errno;
+		rrpc->ret_retcode = ret;
+		rrpc->ret_argc = argc;
+
 		if (argc && vals) {
-			v = (rpc_val_t*) (buf + sizeof rrpc);
+			v = (rpc_val_t*) (buf + Limit);
+			if (argc * sizeof(rpc_val_t) > BUFSIZ - Limit) {
+				for (i = 0; i < argc; i++)
+					RPC_FREE_VAL(&vals[i]);
+				free(vals);
+				vals = NULL;
+				argc = 0;
+				ret = -7;
+				rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet values (-7) ...\n");
+				goto makeReply;
+			} else
+				Limit += argc * sizeof(rpc_val_t);
 			memcpy(v, vals, argc * sizeof(rpc_val_t));
-			Limit += argc * sizeof(rpc_val_t);
 			data = (u_char*) v + argc * sizeof(rpc_val_t);
 			for (ret = i = 0; i < argc; i++) {
 				switch (vals[i].val_type) {
 					case buffer:
 						if (ret || Limit + vals[i].val_len > BUFSIZ) {
 							rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet (-7) ...\n");
-							rrpc.ret_retcode = ret = -7;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -7;
+							rrpc->ret_argc = 0;
 							break;
 						}
 
@@ -127,22 +198,22 @@ makeReply:
 						Limit += vals[i].val_len;
 						break;
 					case string:
-						if (ret || Limit + vals[i].val_len + 1 > BUFSIZ) {
+						if (ret || Limit + vals[i].val_len > BUFSIZ) {
 							rpc_SetErr(EMSGSIZE, "Error:: in prepare RPC packet (-7) ...\n");
-							rrpc.ret_retcode = ret = -7;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -7;
+							rrpc->ret_argc = 0;
 							break;
 						}
 
-						memcpy(data, vals[i].val.string, vals[i].val_len + 1);
-						data += vals[i].val_len + 1;
-						Limit += vals[i].val_len + 1;
+						memcpy(data, vals[i].val.string, vals[i].val_len);
+						data += vals[i].val_len;
+						Limit += vals[i].val_len;
 						break;
 					case blob:
 						if (s->srv_blob.state == disable) {
 							rpc_SetErr(ENOTSUP, "Error:: BLOB server is disabled\n");
-							rrpc.ret_retcode = ret = -5;
-							rrpc.ret_argc = 0;
+							rrpc->ret_retcode = ret = -5;
+							rrpc->ret_argc = 0;
 							break;
 						}
 					default:
@@ -151,6 +222,8 @@ makeReply:
 
 				RPC_FREE_VAL(&vals[i]);
 			}
+			free(vals);
+			vals = NULL;
 		}
 
 		if ((ret = send(c->cli_sock, buf, Limit, 0)) == -1) {
@@ -159,7 +232,7 @@ makeReply:
 			break;
 		}
 		if (ret != Limit) {
-			rpc_SetErr(EBADMSG, "Error:: in send RPC request, should be send %d bytes, "
+			rpc_SetErr(ECANCELED, "Error:: in send RPC request, should be send %d bytes, "
 					"really is %d\n", Limit, ret);
 			ret = -9;
 			break;
@@ -169,7 +242,7 @@ makeReply:
 	shutdown(c->cli_sock, SHUT_RDWR);
 	close(c->cli_sock);
 	memset(c, 0, sizeof(rpc_cli_t));
-	return (void*) ret;
+	return (void*) (long)ret;
 }
 
 
@@ -179,7 +252,7 @@ rpc_srv_dispatchVars(void *arg)
 	rpc_cli_t *c = arg;
 	rpc_srv_t *s;
 	rpc_blob_t *b;
-	int cx, ret;
+	int ret;
 	fd_set fds;
 	u_char buf[sizeof(struct tagBLOBHdr)];
 	struct tagBLOBHdr *blob;
@@ -190,7 +263,6 @@ rpc_srv_dispatchVars(void *arg)
 	} else
 		s = c->cli_parent;
 
-	cx = -1;
 	do {
 		// check for disable service at this moment?
 		if (s->srv_blob.state == disable) {
@@ -203,8 +275,8 @@ rpc_srv_dispatchVars(void *arg)
 		ret = select(c->cli_sock + 1, &fds, NULL, NULL, NULL);
 		if (ret == -1) {
 			ret = -2;
-		} else
-			cx++;
+		}
+
 		memset(buf, 0, sizeof buf);
 		if ((ret = recv(c->cli_sock, buf, sizeof buf, 0)) == -1) {
 			LOGERR;
@@ -222,9 +294,8 @@ rpc_srv_dispatchVars(void *arg)
 		} else
 			blob = (struct tagBLOBHdr*) buf;
 		// check BLOB packet session info
-		if (memcmp(&blob->hdr_session, &s->srv_session, sizeof blob->hdr_session) || 
-				blob->hdr_seq != cx) {
-			rpc_SetErr(EINVAL, "Error:: get invalid BLOB session in seq=%d...\n", blob->hdr_seq);
+		if (memcmp(&blob->hdr_session, &s->srv_session, sizeof blob->hdr_session)) {
+			rpc_SetErr(EINVAL, "Error:: get invalid BLOB session ...\n");
 			ret = -5;
 			goto makeReply;
 		}
@@ -236,8 +307,8 @@ rpc_srv_dispatchVars(void *arg)
 							blob->hdr_var);
 					ret = -6;
 					break;
-				}
-				printf("++++++ %p\n", b);
+				} else
+					blob->hdr_len = b->blob_len;
 
 				if (rpc_srv_blobMap(s, b) != -1) {
 					ret = rpc_srv_sendBLOB(c, b);
@@ -265,31 +336,28 @@ rpc_srv_dispatchVars(void *arg)
 						blob->hdr_cmd);
 				ret = -7;
 		}
-		cx++;
 
 makeReply:
 		// Replay to client!
 		blob->hdr_cmd = ret < 0 ? error : ok;
-		blob->hdr_seq = ret;
+		blob->hdr_ret = ret;
 		if ((ret = send(c->cli_sock, buf, sizeof buf, 0)) == -1) {
 			LOGERR;
 			ret = -8;
 			break;
 		}
 		if (ret != sizeof buf) {
-			rpc_SetErr(EBADMSG, "Error:: in send BLOB reply, should be send %d bytes, "
+			rpc_SetErr(ECANCELED, "Error:: in send BLOB reply, should be send %d bytes, "
 					"really is %d\n", sizeof buf, ret);
 			ret = -9;
 			break;
 		}
-		cx = -1;
-
 	} while (ret > -1);
 
 	shutdown(c->cli_sock, SHUT_RDWR);
 	close(c->cli_sock);
 	memset(c, 0, sizeof(rpc_cli_t));
-	return (void*) ret;
+	return (void*) (long)ret;
 }
 
 // -------------------------------------------------
@@ -416,6 +484,7 @@ rpc_srv_endBLOBServer(rpc_srv_t * __restrict srv)
 	}
 	pthread_mutex_unlock(&srv->srv_blob.mtx);
 
+	while (pthread_mutex_trylock(&srv->srv_blob.mtx) == EBUSY);
 	pthread_mutex_destroy(&srv->srv_blob.mtx);
 }
 
@@ -584,12 +653,12 @@ rpc_srv_initServer(u_int regProgID, u_int regProcID, i
 	} else
 		memset(srv->srv_clients, 0, srv->srv_numcli * sizeof(rpc_cli_t));
 
+	pthread_mutex_init(&srv->srv_mtx, NULL);
+
 	rpc_srv_registerCall(srv, NULL, CALL_SRVSHUTDOWN, 0);
 	rpc_srv_registerCall(srv, NULL, CALL_SRVCLIENTS, 0);
 	rpc_srv_registerCall(srv, NULL, CALL_SRVCALLS, 0);
 	rpc_srv_registerCall(srv, NULL, CALL_SRVSESSIONS, 0);
-
-	pthread_mutex_init(&srv->srv_mtx, NULL);
 	return srv;
 }
 
@@ -613,8 +682,10 @@ rpc_srv_endServer(rpc_srv_t * __restrict srv)
 	rpc_srv_endBLOBServer(srv);
 
 	for (i = 0, c = srv->srv_clients; i < srv->srv_numcli && c; i++, c++)
-		if (c->cli_sa.sa_family)
+		if (c->cli_sa.sa_family) {
 			shutdown(c->cli_sock, SHUT_RDWR);
+			close(c->cli_sock);
+		}
 	close(srv->srv_server.cli_sock);
 
 	if (srv->srv_clients) {
@@ -630,6 +701,7 @@ rpc_srv_endServer(rpc_srv_t * __restrict srv)
 	}
 	pthread_mutex_unlock(&srv->srv_mtx);
 
+	while (pthread_mutex_trylock(&srv->srv_mtx) == EBUSY);
 	pthread_mutex_destroy(&srv->srv_mtx);
 
 	free(srv);