From 4a64775a862438f573817dede411c12ad6c94a44 Mon Sep 17 00:00:00 2001
From: Con Kolivas
Date: Fri, 29 Jan 2016 08:35:52 +1100
Subject: [PATCH] Fix off-by-one error in bkey send size and clear buffer properly in clear_bufline
---
 src/ckpool.c | 3 ++-
 src/connector.c | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/ckpool.c b/src/ckpool.c
index 5427fd65..c8866bc7 100644
--- a/src/ckpool.c
+++ b/src/ckpool.c
@@ -579,6 +579,7 @@ static void clear_bufline(connsock_t *cs)
 if (unlikely(!cs->buf)) {
 socklen_t optlen = sizeof(cs->rcvbufsiz);
+ cs->bufofs = 0;
 cs->buf = ckzalloc(PAGESIZE);
 cs->bufsize = PAGESIZE;
 getsockopt(cs->fd, SOL_SOCKET, SO_RCVBUF, &cs->rcvbufsiz, &optlen);
@@ -589,8 +590,8 @@ static void clear_bufline(connsock_t *cs)
 memset(cs->buf + cs->buflen, 0, cs->bufofs);
 cs->bufofs = cs->buflen;
 cs->buflen = 0;
- cs->buf[cs->bufofs] = '\0';
 }
+ cs->buf[cs->bufofs] = '\0';
 }
 static void add_buflen(ckpool_t *ckp, connsock_t *cs, const char *readbuf, const int len)
diff --git a/src/connector.c b/src/connector.c
index e4ee3ea3..9fe233df 100644
--- a/src/connector.c
+++ b/src/connector.c
@@ -1272,8 +1272,10 @@ static void process_client_msg(cdata_t *cdata, char *buf, uint32_t msglen)
 msg = json_dumps(json_msg, JSON_EOL | JSON_COMPACT);
 slen = strlen(msg);
 if (blen) {
- msglen = slen + blen;
+ /* We're overwriting the EOL so remove it from msglen */
+ msglen = slen + blen - 1;
 msg = realloc(msg, msglen);
+ /* Overwrite the EOL here */
 memcpy(msg + slen - 1, bkey, blen);
 send_client(cdata, client_id, msg, slen, msglen);
 } else
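Review bot: The allocation branch in the first clear_bufline hunk (@@ -579) resets `cs->bufofs` but leaves `cs->buflen` untouched. If a stale offset can reach this branch, a stale length presumably can too, and on a later call it would size the `memset` shown in the next hunk against the fresh PAGESIZE buffer; consider `cs->bufofs = cs->buflen = 0;`. Separately, the `getsockopt()` return value is ignored, so on failure `cs->rcvbufsiz` keeps whatever it held before; checking the result and logging the failure would make that case visible. The function starts before the hunk and continues past it.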
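Review bot: The now-unconditional `cs->buf[cs->bufofs] = '\0';` in the second clear_bufline hunk (@@ -589) has no visible bound against `cs->bufsize`. After the move it presumably also runs when the buffer already exists and `buflen` is zero, where `bufofs` keeps its previous value, so a completely filled buffer reaching this point would take a one-byte write past the allocation. Either guard it, `if (cs->bufofs < cs->bufsize) cs->buf[cs->bufofs] = '\0';`, or add a comment naming the invariant that keeps `bufofs` below `bufsize`. The enclosing conditional opens outside the hunk, so the branch structure described here is inferred.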
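Review bot: `msg = realloc(msg, msglen);` in the process_client_msg hunk assigns the result straight back to `msg`, and the next line copies into it without a NULL check. On allocation failure the json_dumps buffer is leaked and `memcpy(msg + slen - 1, bkey, blen)` writes through a near-null pointer. Keep the old pointer until the call succeeds: `char *tmp = realloc(msg, msglen);`, then `if (!tmp) { free(msg); /* fail this message */ }` and `msg = tmp;`. The context lines also call `strlen(msg)` on the json_dumps result unchecked, and `slen - 1` relies on the output always ending in the EOL byte; a short comment stating that assumption would help. The function and the else branch continue outside the hunk, so the appropriate failure path is not visible here.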