=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/tmux/server-client.c,v retrieving revision 1.107 retrieving revision 1.108 diff -c -r1.107 -r1.108 *** src/usr.bin/tmux/server-client.c 2013/10/10 12:13:29 1.107 --- src/usr.bin/tmux/server-client.c 2013/10/10 12:13:56 1.108 *************** *** 1,4 **** ! /* $OpenBSD: server-client.c,v 1.107 2013/10/10 12:13:29 nicm Exp $ */ /* * Copyright (c) 2009 Nicholas Marriott --- 1,4 ---- ! /* $OpenBSD: server-client.c,v 1.108 2013/10/10 12:13:56 nicm Exp $ */ /* * Copyright (c) 2009 Nicholas Marriott *************** *** 40,46 **** int server_client_assume_paste(struct session *); int server_client_msg_dispatch(struct client *); ! void server_client_msg_command(struct client *, struct msg_command_data *); void server_client_msg_identify( struct client *, struct msg_identify_data *, int); void server_client_msg_shell(struct client *); --- 40,46 ---- int server_client_assume_paste(struct session *); int server_client_msg_dispatch(struct client *); ! 
void server_client_msg_command(struct client *, struct imsg *); void server_client_msg_identify( struct client *, struct msg_identify_data *, int); void server_client_msg_shell(struct client *); *************** *** 786,795 **** server_client_msg_dispatch(struct client *c) { struct imsg imsg; - struct msg_command_data commanddata; struct msg_identify_data identifydata; struct msg_environ_data environdata; struct msg_stdin_data stdindata; ssize_t n, datalen; if ((n = imsg_read(&c->ibuf)) == -1 || n == 0) --- 786,795 ---- server_client_msg_dispatch(struct client *c) { struct imsg imsg; struct msg_identify_data identifydata; struct msg_environ_data environdata; struct msg_stdin_data stdindata; + const char *data; ssize_t n, datalen; if ((n = imsg_read(&c->ibuf)) == -1 || n == 0) *************** *** 800,805 **** --- 800,807 ---- return (-1); if (n == 0) return (0); + + data = imsg.data; datalen = imsg.hdr.len - IMSG_HEADER_SIZE; if (imsg.hdr.peerid != PROTOCOL_VERSION) { *************** *** 811,823 **** log_debug("got %d from client %d", imsg.hdr.type, c->ibuf.fd); switch (imsg.hdr.type) { - case MSG_COMMAND: - if (datalen != sizeof commanddata) - fatalx("bad MSG_COMMAND size"); - memcpy(&commanddata, imsg.data, sizeof commanddata); - - server_client_msg_command(c, &commanddata); - break; case MSG_IDENTIFY: if (datalen != sizeof identifydata) fatalx("bad MSG_IDENTIFY size"); --- 813,818 ---- *************** *** 825,834 **** server_client_msg_identify(c, &identifydata, imsg.fd); break; case MSG_STDIN: if (datalen != sizeof stdindata) fatalx("bad MSG_STDIN size"); ! memcpy(&stdindata, imsg.data, sizeof stdindata); if (c->stdin_callback == NULL) break; --- 820,832 ---- server_client_msg_identify(c, &identifydata, imsg.fd); break; + case MSG_COMMAND: + server_client_msg_command(c, &imsg); + break; case MSG_STDIN: if (datalen != sizeof stdindata) fatalx("bad MSG_STDIN size"); ! 
memcpy(&stdindata, data, sizeof stdindata); if (c->stdin_callback == NULL) break; *************** *** 903,917 **** /* Handle command message. */ void ! server_client_msg_command(struct client *c, struct msg_command_data *data) { ! struct cmd_list *cmdlist = NULL; ! int argc; ! char **argv, *cause; ! argc = data->argc; ! data->argv[(sizeof data->argv) - 1] = '\0'; ! if (cmd_unpack_argv(data->argv, sizeof data->argv, argc, &argv) != 0) { cmdq_error(c->cmdq, "command too long"); goto error; } --- 901,926 ---- /* Handle command message. */ void ! server_client_msg_command(struct client *c, struct imsg *imsg) { ! struct msg_command_data data; ! char *buf; ! size_t len; ! struct cmd_list *cmdlist = NULL; ! int argc; ! char **argv, *cause; ! if (imsg->hdr.len - IMSG_HEADER_SIZE < sizeof data) ! fatalx("bad MSG_COMMAND size"); ! memcpy(&data, imsg->data, sizeof data); ! ! buf = (char*)imsg->data + sizeof data; ! len = imsg->hdr.len - IMSG_HEADER_SIZE - sizeof data; ! if (len > 0 && buf[len - 1] != '\0') ! fatalx("bad MSG_COMMAND string"); ! ! argc = data.argc; ! if (cmd_unpack_argv(buf, len, argc, &argv) != 0) { cmdq_error(c->cmdq, "command too long"); goto error; }
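Review bot: The new `case MSG_COMMAND:` is the only case visible in this switch that hands the raw `imsg` to its handler with no `datalen` check beside it, and nothing at the call site says where the length is now validated. A one-line comment such as `/* variable length; size and terminator are checked in server_client_msg_command() */` would stop a later reader from assuming the check was dropped, or from copying the pattern for a fixed-size message. The switch and server_client_msg_dispatch both continue outside this hunk, so other cases may differ.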
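Review bot: `argc = data.argc;` takes an int supplied by the client and passes it to `cmd_unpack_argv(buf, len, argc, &argv)` with no range check, and the terminator test `len > 0 && buf[len - 1] != '\0'` is skipped when the message carries no string bytes. A message with `len == 0` and a nonzero or negative `argc` therefore depends on cmd_unpack_argv, which this diff does not show, to refuse it. I would reject that combination here, next to the two existing checks: `if (argc < 0 || (argc != 0 && len == 0)) fatalx("bad MSG_COMMAND argc");`. The function body, including the `error` label, continues past the end of this hunk.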