Problem: no BadLength returned

Hello all
    When a client sends a bigrequest with the length being
set to 0, the X server sometimes doesn't return BadLength.

    In xc/programs/Xserver/os/io.c, if the length is 0, then
client->req_len is set to 0xFFFFFFFF after it moves the header.
Some processors of the request only check for
REQUEST_AT_LEAST_SIZE(...), for example ProcNoOperation. Then
the client will not receive a BadLength error.

    It may be better for ReadRequestFromClient() to set 
client->req_len according to the bad request length so that
BadLength can be returned.

ReadRequestFromClient(..)
{
    ...
#ifdef BIGREQS
    if (move_header)
    {
        request = (xReq *)oci->bufptr;
        oci->bufptr += (sizeof(xBigReq) - sizeof(xReq));
        *(xReq *)oci->bufptr = *request;
        oci->lenLastReq -= (sizeof(xBigReq) - sizeof(xReq));
        client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2;
    }
#endif 
    ...
}


Best Regards!
Peng Hongbo
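
The wraparound described in the message above, as an added stand-alone C model (not code from the post or from the X server). It assumes req_len is an unsigned 32-bit count of 4-byte words and that the extended length field was 0; the function names and the clamped variant are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SUCCESS         0
#define BAD_LENGTH      16   /* BadLength error code in the X11 core protocol */
#define HDR_DELTA_WORDS 1u   /* (sizeof(xBigReq) - sizeof(xReq)) >> 2 == (8 - 4) >> 2 */

/* Models the move_header adjustment: unsigned subtraction, so 0 - 1 wraps. */
static uint32_t adjust_req_len(uint32_t big_len_words)
{
    return big_len_words - HDR_DELTA_WORDS;
}

/* Hypothetical variant in the spirit of the suggestion: never wrap, so a
 * too-short length stays small and the handlers' own checks reject it. */
static uint32_t adjust_req_len_clamped(uint32_t big_len_words)
{
    return big_len_words < HDR_DELTA_WORDS ? 0 : big_len_words - HDR_DELTA_WORDS;
}

/* Models a REQUEST_AT_LEAST_SIZE-style check: lower bound only. */
static int check_at_least(uint32_t req_len, uint32_t min_words)
{
    return min_words > req_len ? BAD_LENGTH : SUCCESS;
}

/* Models a REQUEST_SIZE_MATCH-style check: exact size required. */
static int check_exact(uint32_t req_len, uint32_t words)
{
    return words != req_len ? BAD_LENGTH : SUCCESS;
}

int main(void)
{
    uint32_t wrapped = adjust_req_len(0);          /* constructed input: length 0 */
    uint32_t clamped = adjust_req_len_clamped(0);

    printf("wrapped req_len      = 0x%08X\n", (unsigned)wrapped);
    printf("at-least check       = %d\n", check_at_least(wrapped, 1));
    printf("exact-size check     = %d\n", check_exact(wrapped, 1));
    printf("clamped, at-least    = %d\n", check_at_least(clamped, 1));
    return 0;
}
```

Only handlers with a lower-bound check accept the wrapped value; an exact-size check still rejects it, which matches the "sometimes" in the report.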

