From ec0cc1f1356b246303feb3df14ec658af0f21b3a Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Thu, 30 Sep 2004 04:07:23 +0000
Subject: * mpicoder.c (mpi_read): If we must fail due to a oversize (generally
 corrupt) MPI, make sure the number of bytes we read is valid so we can skip
 the rest of the bad packet (in hopes the whole stream isn't invalid).

---
 mpi/mpicoder.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'mpi/mpicoder.c')

diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 4aaf2c017..0005f21a8 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -80,15 +80,16 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)
 
     if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
     nbits = c << 8;
     if( (c = iobuf_get(inp)) == -1 )
 	goto leave;
+    nread++;
     nbits |= c;
     if( nbits > MAX_EXTERN_MPI_BITS ) {
 	log_error("mpi too large (%u bits)\n", nbits);
 	goto leave;
     }
-    nread = 2;
 
     nbytes = (nbits+7) / 8;
     nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;
-- 
cgit v1.2.3