From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Tue, 20 Jan 2004 19:30:41 +0000 (+0000)
Subject: Mark Wutzke points out that the comment in sk_proxy_set_frozen()
X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/commitdiff_plain/d9d006d5c2265a2e7f177c776c5edb51f21cbc80

Mark Wutzke points out that the comment in sk_proxy_set_frozen()
states that plug_receive() may recurse back into
sk_proxy_set_frozen() again. Therefore, bufchain_consume() should
have been called _before_ calling plug_receive(), to prevent an
infinite loop overflowing the stack. I can't immediately figure out
under what circumstances this might happen, but it seems an
obviously sensible precaution.


git-svn-id: svn://svn.tartarus.org/sgt/putty@3741 cda61777-01e9-0310-a592-d414129be87e
---

diff --git a/proxy.c b/proxy.c
index 169be0d1..d970b2bf 100644
--- a/proxy.c
+++ b/proxy.c
@@ -161,10 +161,14 @@ static void sk_proxy_set_frozen (Socket s, int is_frozen)
 	 */
         while (!ps->freeze && bufchain_size(&ps->pending_input_data) > 0) {
 	    void *data;
+	    char databuf[512];
 	    int len;
 	    bufchain_prefix(&ps->pending_input_data, &data, &len);
-	    plug_receive(ps->plug, 0, data, len);
+	    if (len > lenof(databuf))
+		len = lenof(databuf);
+	    memcpy(databuf, data, len);
 	    bufchain_consume(&ps->pending_input_data, len);
+	    plug_receive(ps->plug, 0, databuf, len);
 	}
 
 	/* if we're still frozen, we'll have to wait for another