From ec0cc1f1356b246303feb3df14ec658af0f21b3a Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Thu, 30 Sep 2004 04:07:23 +0000
Subject: * mpicoder.c (mpi_read): If we must fail due to a oversize (generally
 corrupt) MPI, make sure the number of bytes we read is valid so we can skip
 the rest of the bad packet (in hopes the whole stream isn't invalid).

---
 mpi/ChangeLog  | 7 +++++++
 mpi/mpicoder.c | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/mpi/ChangeLog b/mpi/ChangeLog
index 4058117c7..a595bc171 100644
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@@ -1,3 +1,10 @@
+2004-09-29  David Shaw  <dshaw@jabberwocky.com>
+
+	* mpicoder.c (mpi_read): If we must fail due to a oversize
+	(generally corrupt) MPI, make sure the number of bytes we read is
+	valid so we can skip the rest of the bad packet (in hopes the
+	whole stream isn't invalid).
+
 2004-05-20  David Shaw  <dshaw@jabberwocky.com>
 
 	* longlong.h: Typo.
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 4aaf2c017..0005f21a8 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -80,15 +80,16 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)
 
     if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
     nbits = c << 8;
     if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
     nbits |= c;
     if( nbits > MAX_EXTERN_MPI_BITS ) {
 	log_error("mpi too large (%u bits)\n", nbits);
 	goto leave;
     }
-    nread = 2;
 
     nbytes = (nbits+7) / 8;
     nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;
-- 
cgit v1.2.3