From 008d5f4b9f3cad2d5fe350fa525b8a2135b97785 Mon Sep 17 00:00:00 2001 From: daniel Date: Fri, 25 Jan 2013 22:39:58 +0900 Subject: String termination fix try 2 --- libvxi11client/client.c | 3 ++- libvxi11client/libvxi11client.c | 14 ++++++++++---- libvxi11client/libvxi11client.h | 3 ++- vxi11_server.c | 11 ++++------- 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/libvxi11client/client.c b/libvxi11client/client.c index f0d9629..d9bb107 100644 --- a/libvxi11client/client.c +++ b/libvxi11client/client.c @@ -172,7 +172,8 @@ int main(int argc, char *argv[]) { printf("\n"); // docmd - if ((err = vxi11_docmd(&ctx, 0x00, false)) > 0) + int dataoutlen; + if ((err = vxi11_docmd(&ctx, NULL, 0, NULL, 0, &dataoutlen, 0x00, false)) > 0) printf("did command, should fail!\n"); else printf("Error calling docmd; %s\n", geterrorstring(err)); diff --git a/libvxi11client/libvxi11client.c b/libvxi11client/libvxi11client.c index 66bb020..f504def 100644 --- a/libvxi11client/libvxi11client.c +++ b/libvxi11client/libvxi11client.c @@ -234,7 +234,8 @@ int vxi11_read(VXI11Context* context, char* buffer, unsigned int bufferlen, bool * call docmd with the specified command */ -int vxi11_docmd(VXI11Context* context, unsigned long cmd, bool waitforlock) { +int vxi11_docmd(VXI11Context* context, char* datain, int datainlen, char* dataout, int outbufferlen, int* dataoutlen, + unsigned long cmd, bool waitforlock) { if (context->clnt == NULL) return 0; 
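Review bot: The comment above `vxi11_docmd` in libvxi11client.c still reads only "call docmd with the specified command", although the new signature adds two caller-owned buffers and three lengths whose contract is not obvious. I would document that `dataout` may be NULL, that at most `outbufferlen` bytes are written to it with no guaranteed terminating NUL, and whether `*dataoutlen` is the number of bytes copied or the full length the device returned. The lengths are declared `int`, so the comment should also say that negative values are invalid, or the parameters could become unsigned in both the definition and the prototype in libvxi11client.h. The function body continues past this hunk.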
@@ -242,12 +243,17 @@ int vxi11_docmd(VXI11Context* context, unsigned long cmd, bool waitforlock) { .io_timeout = VXI11_DEFAULT_TIMEOUT, .lock_timeout = VXI11_DEFAULT_TIMEOUT, .cmd = cmd, .network_order = 0, .datasize = 0 }; - params.data_in.data_in_len = 0; - params.data_in.data_in_val = NULL; + params.data_in.data_in_len = datainlen; + params.data_in.data_in_val = datain; Device_DocmdResp* resp = device_docmd_1(¶ms, context->clnt); - if (resp != NULL && resp->error == 0) + if (resp != NULL && resp->error == 0) { + if (dataout != NULL) + strncpy(dataout, resp->data_out.data_out_val, + (resp->data_out.data_out_len > outbufferlen ? outbufferlen : resp->data_out.data_out_len)); + *dataoutlen = resp->data_out.data_out_len; return 1; + } else if (resp == NULL) return 0; else diff --git a/libvxi11client/libvxi11client.h b/libvxi11client/libvxi11client.h index 740e3d3..ff301d3 100644 --- a/libvxi11client/libvxi11client.h +++ b/libvxi11client/libvxi11client.h @@ -41,5 +41,6 @@ int vxi11_destroy_intr_chan(VXI11Context* context); int vxi11_enable_srq(VXI11Context* context, bool enable, char* handle); int vxi11_start_interrupt_server(void (*callback)(char* handle)); int vxi11_stop_interrupt_server(); -int vxi11_docmd(VXI11Context* context, unsigned long cmd, bool waitforlock); +int vxi11_docmd(VXI11Context* context, char* datain, int datainlen, char* dataout, int outbufferlen, int* dataoutlen, + unsigned long cmd, bool waitforlock); int vxi11_close(VXI11Context* context); diff --git a/vxi11_server.c b/vxi11_server.c index 3f1c9da..cb7f600 100644 --- a/vxi11_server.c +++ b/vxi11_server.c 
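Review bot: The copy in the success branch of `vxi11_docmd` uses `strncpy` on docmd response data, which stops at the first zero byte and does not NUL-terminate when the source fills the count, so binary payloads are cut short and text payloads can be left unterminated; `memcpy` with an explicit, clamped length fits better here. The bound `resp->data_out.data_out_len > outbufferlen` compares the response length (presumably the rpcgen `u_int`) with a signed `int`, so a negative `outbufferlen` converts to a large unsigned value and the server-supplied length is used unclamped. `*dataoutlen` is written without a NULL check and carries the full response length even when fewer bytes were copied, which invites a caller to read past what was written into `dataout`; the sketch below reports the copied length instead. The function starts in the previous hunk and its error branches continue past this one.

```c
	if (resp != NULL && resp->error == 0) {
		// clamp the device-reported length to the caller's buffer before copying
		unsigned int copylen = 0;
		if (dataout != NULL && outbufferlen > 0) {
			copylen = resp->data_out.data_out_len;
			if (copylen > (unsigned int) outbufferlen)
				copylen = (unsigned int) outbufferlen;
			if (copylen > 0)
				memcpy(dataout, resp->data_out.data_out_val, copylen);
		}
		if (dataoutlen != NULL)
			*dataoutlen = (int) copylen;
		return 1;
	}
	// … unchanged: resp == NULL and error-code branches …
```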
@@ -204,10 +204,8 @@ device_write_1_svc(Device_WriteParms *argp, struct svc_req *rqstp) { result.error = ERR_IOTIMEOUT; else { touchlink(argp->lid); - // terminate the data at the length the client has given us.. - // this seems safe but I need check that this doesn't write - // to memory that isn't allocated to the string. - argp->data.data_val[argp->data.data_len] = '\0'; + argp->data.data_val = realloc(argp->data.data_val, argp->data.data_len + 1); // realloc to get an extra byte + argp->data.data_val[argp->data.data_len] = '\0'; // #ifdef DEBUG int n; char *str = argp->data.data_val; @@ -247,7 +245,7 @@ device_read_1_svc(Device_ReadParms *argp, struct svc_req *rqstp) { else { touchlink(argp->lid); if (globals.Registers.pending_output_message != NULL) { - result.data.data_len = strlen(globals.Registers.pending_output_message) + 1; + result.data.data_len = strlen(globals.Registers.pending_output_message); result.data.data_val = globals.Registers.pending_output_message; globals.Registers.pending_output_message = NULL; #ifdef DEBUG @@ -440,6 +438,7 @@ device_enable_srq_1_svc(Device_EnableSrqParms *argp, struct svc_req *rqstp) { Device_DocmdResp * device_docmd_1_svc(Device_DocmdParms *argp, struct svc_req *rqstp) { static Device_DocmdResp result; + memset(&result, 0, sizeof(result)); #ifdef DEBUG printf("device_docmd_1_svc()\n"); #endif @@ -449,8 +448,6 @@ device_docmd_1_svc(Device_DocmdParms *argp, struct svc_req *rqstp) { result.error = ERR_DEVICELOCKEDBYANOTHERLINK; else { touchlink(argp->lid); - result.data_out.data_out_len = 0; - result.data_out.data_out_val = NULL; result.error = ERR_OPERATIONNOTSUPPORTED; } return &result; -- cgit
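Review bot: The new `realloc` in `device_write_1_svc` assigns its result straight back to `argp->data.data_val` and the next line indexes it, so an allocation failure becomes a write through NULL (and loses the original buffer) with a `data_len` that comes from the client. Keep the result in a temporary and set an error when it is NULL, e.g. `char *tmp = realloc(argp->data.data_val, argp->data.data_len + 1);` then `if (tmp == NULL) result.error = <out-of-resources code>;` else `argp->data.data_val = tmp;` before writing the terminator. It is also worth confirming that the RPC runtime releases the decoded argument with plain `free`, since the buffer it allocated is now replaced here. The handler begins before and continues after this hunk.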