From 46045e41ea97a354a415145383ce6b712ea4372c Mon Sep 17 00:00:00 2001
From: Fritz Elfert <felfert@to.com>
Date: Fri, 2 Mar 2001 02:56:52 +0000
Subject: Fixed a nasty bug in fread() which reads garbage when called with a
 length parameter > RFSV_SENDLEN. Exploited by plpnfsd which is currently the
 only app doing large reads. Thanks to rrt1001@cam.ac.uk for his bug-report.

---
 lib/rfsv32.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/rfsv32.cc')

diff --git a/lib/rfsv32.cc b/lib/rfsv32.cc
index 2dc5fbb..7849d97 100644
--- a/lib/rfsv32.cc
+++ b/lib/rfsv32.cc
@@ -441,7 +441,7 @@ fread(const u_int32_t handle, unsigned char * const buf, const u_int32_t len, u_
 	if ((l = a.getLen()) > 0) {
 	    memcpy(p, a.getString(), l);
 	    count += l;
-	    p += res;
+	    p += l;
 	}
     } while ((count < len) && (l > 0));
     return res;
-- 
cgit v1.2.3