shithub: riscv

ref: 0aac600fb3b659b5b9a2a8aaefb821774cf38bd2
parent: 967b1248f82e5f64eab4dbf45898a37851b71fa2
author: cinap_lenrek <[email protected]>
date: Thu Feb 28 20:43:55 EST 2019

lib9p: fix zero msize abort() due to unknown version (thanks kivik)

kivik wrote:

I've found a nasty bug in lib9p handling of Tversion
messages, where an invalid version string in the request
leads to servers abort()ing the spaceship.

To reproduce:
	; ramfs -S ram
	; aux/9pcon /srv/ram
	Tversion ~0 DIE

The issue lies in sversion() where in case an invalid
version string is received we respond right away with
ofcall.version="unknown"; however, we fail to set the
ofcall.msize, which at this point is cleared to 0.  This
causes the convS2M call in respond() to fail and abort being
called.

--- a/sys/src/lib9p/srv.c
+++ b/sys/src/lib9p/srv.c
@@ -172,6 +172,7 @@
 	}
 	if(strncmp(r->ifcall.version, "9P", 2) != 0){
 		r->ofcall.version = "unknown";
+		r->ofcall.msize = 256;
 		respond(r, nil);
 		return;
 	}
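
Review bot: the literal 256 assigned to r->ofcall.msize in the "unknown" version branch is an unexplained magic number, and it is set without reference to the size the client offered in r->ifcall.msize. A one-line comment would help the next reader, for example noting that msize must be non-zero here because respond() calls convS2M, which fails on a zero msize, along with a named constant in place of the bare 256 if the same minimum appears elsewhere in srv.c. In 9P the msize in Rversion is expected to be no larger than the one in Tversion, so it is also worth confirming that code earlier in sversion(), outside this hunk, already rejects requests whose msize is below 256. If it does not, this branch would reply with a larger msize than the client asked for, and the value should be bounded by r->ifcall.msize while still being large enough for the reply to be marshalled.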