Patch: WIN32 "aRead" Buffer Overflow Fix & Optimize WIN32 "aRead" & "aWr

bug-commoncpp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch: WIN32 "aRead" Buffer Overflow Fix & Optimize WIN32 "aRead" & "aWr

From:	Conrad T. Pino
Subject:	Patch: WIN32 "aRead" Buffer Overflow Fix & Optimize WIN32 "aRead" & "aWrite"
Date:	Fri, 9 Sep 2005 15:31:16 -0700

This patch fixes a buffer overflow in WIN32 "aRead" and implements
a zero request length optimization in WIN32 "aRead" and "aWrite".

This patch modifies the following files:

        src/serial.cpp

This patch is committed on "dev-bcb6-arm" branch between revision
tags "dev-bcb6-arm-0052" and "dev-bcb6-arm-0053".

Index: src/serial.cpp
===================================================================
RCS file: /cvsroot/gnutelephony/testing/commoncpp2/src/serial.cpp,v
retrieving revision 1.1.1.1.2.2
retrieving revision 1.1.1.1.2.3
diff -u -p -r1.1.1.1.2.2 -r1.1.1.1.2.3
--- src/serial.cpp      9 Sep 2005 18:46:36 -0000       1.1.1.1.2.2
+++ src/serial.cpp      9 Sep 2005 22:29:29 -0000       1.1.1.1.2.3
@@ -475,75 +475,74 @@ void Serial::open(const char * fname)
 #ifdef WIN32
 int Serial::aRead(char * Data, const int Length)
 {
-       unsigned long   dwLength = 0, dwError, dwReadLength;
+       DWORD   dwActualLength = 0, dwError = 0, dwReadLength = Length;
        COMSTAT cs;
-    OVERLAPPED ol;
-    
-    // Return zero if handle is invalid
-    if(!isOpen())
-        return 0;
+       OVERLAPPED ol;
 
-    // Read max length or only what is available
-    ClearCommError(dev, &dwError, &cs);
+       // Return zero if handle is invalid
+       if(!isOpen())
+               return 0;
 
-    // If not requiring an exact byte count, get whatever is available
-    if(dwLength > (int)cs.cbInQue)
-        dwReadLength = cs.cbInQue;
-    else
-        dwReadLength = Length;
+       // Read max length or only what is available
+       ClearCommError(dev, &dwError, &cs);
+
+       // If not requiring an exact byte count, get whatever is available
+       if(dwReadLength > cs.cbInQue)
+               dwReadLength = cs.cbInQue;
 
-    memset(&ol, 0, sizeof(OVERLAPPED));
-    ol.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
+       if(dwReadLength > 0)
+       {
+               memset(&ol, 0, sizeof(OVERLAPPED));
+               ol.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
     
-    if(dwReadLength > 0)
-    {
-        if(ReadFile(dev, Data, dwReadLength, &dwLength, &ol) == FALSE) 
-        {
-            if(GetLastError() == ERROR_IO_PENDING)
-            {
-                WaitForSingleObject(ol.hEvent, INFINITE);
-                GetOverlappedResult(dev, &ol, &dwLength, TRUE);
-            }
-            else
-                ClearCommError(dev, &dwError, &cs);
-        }
+                       if(ReadFile(dev, Data, dwReadLength, &dwActualLength, 
&ol) == FALSE)
+                       {
+                               if(GetLastError() == ERROR_IO_PENDING)
+                               {
+                                       WaitForSingleObject(ol.hEvent, 
INFINITE);
+                                       GetOverlappedResult(dev, &ol, 
&dwActualLength, TRUE);
+                               }
+                               else
+                                       ClearCommError(dev, &dwError, &cs);
+                       }
+
+               if(ol.hEvent != INVALID_HANDLE_VALUE)
+                       CloseHandle(ol.hEvent);
     }
-        
-    if(ol.hEvent != INVALID_HANDLE_VALUE)
-        CloseHandle(ol.hEvent);
-        
-       return dwLength;
+
+       return dwActualLength;
 }
 
 int Serial::aWrite(const char * Data, const int Length)
 {
+       DWORD   dwActualLength = 0, dwError = 0, dwWriteLength = Length;
        COMSTAT cs;
-       unsigned long dwError = 0;
-    OVERLAPPED ol;
+       OVERLAPPED ol;
 
-       // Clear the com port of any error condition prior to read
+       // Clear the com port of any error condition prior to write
        ClearCommError(dev, &dwError, &cs);
 
-       unsigned long retSize = 0;
-    
-    memset(&ol, 0, sizeof(OVERLAPPED));
-    ol.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
-       
-    if(WriteFile(dev, Data, Length, &retSize, &ol) == FALSE)
-    {
-        if(GetLastError() == ERROR_IO_PENDING)
-        {
-            WaitForSingleObject(ol.hEvent, INFINITE);
-            GetOverlappedResult(dev, &ol, &retSize, TRUE);
-        }
-        else
-            ClearCommError(dev, &dwError, &cs);
-    }
-    
-    if(ol.hEvent != INVALID_HANDLE_VALUE)
-        CloseHandle(ol.hEvent);
-        
-       return retSize;
+       if(dwWriteLength > 0)
+       {
+               memset(&ol, 0, sizeof(OVERLAPPED));
+               ol.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
+
+               if(WriteFile(dev, Data, dwWriteLength, &dwActualLength, &ol) == 
FALSE)
+               {
+                       if(GetLastError() == ERROR_IO_PENDING)
+                       {
+                               WaitForSingleObject(ol.hEvent, INFINITE);
+                               GetOverlappedResult(dev, &ol, &dwActualLength, 
TRUE);
+                       }
+                       else
+                               ClearCommError(dev, &dwError, &cs);
+               }
+
+               if(ol.hEvent != INVALID_HANDLE_VALUE)
+                       CloseHandle(ol.hEvent);
+       }
+
+       return dwActualLength;
 }
 #else
 int Serial::aRead(char *Data, const int Length)

[Prev in Thread]

Current Thread

[Next in Thread]

Patch: WIN32 "aRead" Buffer Overflow Fix & Optimize WIN32 "aRead" & "aWrite", Conrad T. Pino <=

Prev by Date: Bug: WIN32 "aRead" Buffer Overflow When "Length" < "cs.cbInQue"
Next by Date: Serial Design Issue: "Serial::isPending" Semantics
Previous by thread: Bug: WIN32 "aRead" Buffer Overflow When "Length" < "cs.cbInQue"
Next by thread: Serial Design Issue: "Serial::isPending" Semantics
Index(es):
- Date
- Thread