Fix uninitialized data being passed to sendmsg().

[meshlink] / src / utcp.c

diff --git a/src/utcp.c b/src/utcp.c
index c21e7067b89610c17182eae3dce57b58a9dfa274..fa45e9c625b4b4e1d28c07ea49d881dad40e2107 100644 (file)
--- a/src/utcp.c
+++ b/src/utcp.c
@@ -470,8 +470,13 @@ static void set_buffer_storage(struct buffer *buf, char *data, size_t size) {
 
                buf->external = false;
        } else {
+               // Don't do anything if the buffer wraps
+               if(buffer_wraps(buf)) {
+                       return;
+               }
+
                // Realloc internal storage
-               size_t minsize = buf->used <= DEFAULT_SNDBUFSIZE ? DEFAULT_SNDBUFSIZE : buf->used;
+               size_t minsize = max(DEFAULT_SNDBUFSIZE, buf->offset + buf->used);
 
                if(minsize) {
                        data = realloc(buf->data, minsize);
@@ -1595,6 +1600,8 @@ synack:
                        // The peer has aborted our connection.
                        set_state(c, CLOSED);
                        errno = ECONNRESET;
+                       buffer_clear(&c->sndbuf);
+                       buffer_clear(&c->rcvbuf);
 
                        if(c->recv) {
                                c->recv(c, NULL, 0);
@@ -2067,6 +2074,9 @@ static bool reset_connection(struct utcp_connection *c) {
                return false;
        }
 
+       buffer_clear(&c->sndbuf);
+       buffer_clear(&c->rcvbuf);
+
        c->recv = NULL;
        c->poll = NULL;
 
@@ -2101,6 +2111,7 @@ static bool reset_connection(struct utcp_connection *c) {
        hdr.ack = c->rcv.nxt;
        hdr.wnd = 0;
        hdr.ctl = RST;
+       hdr.aux = 0;
 
        print_packet(c, "send", &hdr, sizeof(hdr));
        c->utcp->send(c->utcp, &hdr, sizeof(hdr));
@@ -2108,8 +2119,8 @@ static bool reset_connection(struct utcp_connection *c) {
 }
 
 static void set_reapable(struct utcp_connection *c) {
-       set_buffer_storage(&c->sndbuf, NULL, DEFAULT_MTU);
-       set_buffer_storage(&c->rcvbuf, NULL, DEFAULT_MTU);
+       set_buffer_storage(&c->sndbuf, NULL, min(c->sndbuf.maxsize, DEFAULT_MAXSNDBUFSIZE));
+       set_buffer_storage(&c->rcvbuf, NULL, min(c->rcvbuf.maxsize, DEFAULT_MAXRCVBUFSIZE));
 
        c->recv = NULL;
        c->poll = NULL;
@@ -2199,6 +2210,8 @@ struct timespec utcp_timeout(struct utcp *utcp) {
                if(timespec_isset(&c->conn_timeout) && timespec_lt(&c->conn_timeout, &now)) {
                        errno = ETIMEDOUT;
                        c->state = CLOSED;
+                       buffer_clear(&c->sndbuf);
+                       buffer_clear(&c->rcvbuf);
 
                        if(c->recv) {
                                c->recv(c, NULL, 0);
@@ -2301,6 +2314,9 @@ void utcp_exit(struct utcp *utcp) {
                struct utcp_connection *c = utcp->connections[i];
 
                if(!c->reapable) {
+                       buffer_clear(&c->sndbuf);
+                       buffer_clear(&c->rcvbuf);
+
                        if(c->recv) {
                                c->recv(c, NULL, 0);
                        }