THRIFT-1414 bufferoverflow in c_glib buffered transport/socket client
Patch: Christian Zimnick
git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1399452 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c b/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
index a3d7c21..1193b13 100644
--- a/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
+++ b/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
@@ -71,7 +71,7 @@
ThriftBufferedTransport *t = THRIFT_BUFFERED_TRANSPORT (transport);
guint32 want = len;
guint32 got = 0;
- guchar tmpdata[t->r_buf_size];
+ guchar tmpdata[len];
guint32 have = t->r_buf->len;
// we shouldn't hit this unless the buffer doesn't have enough to read
@@ -101,7 +101,7 @@
} else {
got += THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport,
tmpdata,
- t->r_buf_size,
+ want,
error);
t->r_buf = g_byte_array_append (t->r_buf, tmpdata, got);
diff --git a/lib/c_glib/src/thrift/transport/thrift_socket.c b/lib/c_glib/src/thrift/transport/thrift_socket.c
index 0716baa..6584a93 100644
--- a/lib/c_glib/src/thrift/transport/thrift_socket.c
+++ b/lib/c_glib/src/thrift/transport/thrift_socket.c
@@ -129,7 +129,7 @@
while (got < len)
{
- ret = recv (socket->sd, buf, len, 0);
+ ret = recv (socket->sd, buf+got, len-got, 0);
if (ret < 0)
{
g_set_error (error, THRIFT_TRANSPORT_ERROR,