diff options
author | Hector Martin | 2010-06-13 18:48:27 +0200 |
---|---|---|
committer | Hector Martin | 2010-06-13 18:48:27 +0200 |
commit | 713cfb3d145f9db242138405f16d4ab225e8ba04 (patch) | |
tree | db3230f6e2099f1d5630e8042386fe5fc0067c10 /daemon | |
parent | e1da26918aa8eb025cf18216efce61b2b4cf64b8 (diff) | |
download | usbmuxd-713cfb3d145f9db242138405f16d4ab225e8ba04.tar.gz usbmuxd-713cfb3d145f9db242138405f16d4ab225e8ba04.tar.bz2 |
Abort processing for some client errors (instead of crashing)
Missing 'return' statements caused the code to keep running on a
deallocated client, which would cause the server to crash.
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/client.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/daemon/client.c b/daemon/client.c index 80bc0c7..ac1045a 100644 --- a/daemon/client.c +++ b/daemon/client.c @@ -520,14 +520,17 @@ static void process_recv(struct mux_client *client) usbmuxd_log(LL_INFO, "Client %d version mismatch: expected %d, got %d", client->fd, USBMUXD_PROTOCOL_VERSION, hdr->version); #endif client_close(client); + return; } if(hdr->length > client->ib_capacity) { usbmuxd_log(LL_INFO, "Client %d message is too long (%d bytes)", client->fd, hdr->length); client_close(client); + return; } if(hdr->length < sizeof(struct usbmuxd_header)) { usbmuxd_log(LL_ERROR, "Client %d message is too short (%d bytes)", client->fd, hdr->length); client_close(client); + return; } if(client->ib_size < hdr->length) { if(did_read) |