On Fri, Jun 04, 2004 at 11:25:35PM +0800, Peng Hongbo wrote:
>Hello all
> When a client send a bigrequest with length being
>set to 0, the X server sometimes doesn't return BadLength.
>
> In xc/programs/Xserer/os/io.c, if the length is 0, then
>client->req_len is set to 0xFFFFFFFF after it move the header.
>Some processor of the request only check for
>REQUEST_AT_LEAST_SIZE(...), for example ProcNoOperation. Then
>the client will not received a BadLength error.
>
> It may be better for ReadRequestFromClient() to set
>client->req_len according to the bad request length so that
>BadLength can be returned.
Do you have a patch that fixes this? Also, have you seen any other bad
side-effects of a bigrequest with length 0?
David
>ReadRequestFromClient(..)
>{
> ...
>#ifdef BIGREQS
> if (move_header)
> {
> request = (xReq *)oci->bufptr;
> oci->bufptr += (sizeof(xBigReq) - sizeof(xReq));
> *(xReq *)oci->bufptr = *request;
> oci->lenLastReq -= (sizeof(xBigReq) - sizeof(xReq));
> client->req_len -= (sizeof(xBigReq) - sizeof(xReq)) >> 2;
> }
>#endif
> ...
>}
>
>
>Best Regards!
>Peng Hongbo
>
>
>_______________________________________________
>XFree86 mailing list
>XFree86@xxxxxxxxxxx
>http://XFree86.Org/mailman/listinfo/xfree86
>
_______________________________________________
XFree86 mailing list
XFree86@xxxxxxxxxxx
http://XFree86.Org/mailman/listinfo/xfree86
