Applied patch by Kirstenlee Cinquetti for SNOW-493: LLDataPackerBinaryBuffer::unpack*() check for buffer overflow, then read buffer regardless

author: McCabe Maxsted 2010-05-26 18:59:10 -0700
committer: Jacek Antonelli 2010-06-19 02:43:01 -0500
commit: 9d53cda6daf74a21bffabdeb3a6960ff7064616e (patch)
tree: 24d7b74ba2b62c54e22ae8b7bdb323aedded8fab /linden/indra
parent: Updated patch to SNOW-492 (76937222) to Merov Linden's SNOW-492-2.patch (diff)
download: meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.zip
meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.gz
meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.bz2
meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.xz
1 files changed, 156 insertions, 57 deletions
diff --git a/linden/indra/llmessage/lldatapacker.cpp b/linden/indra/llmessage/lldatapacker.cpp
index dc7efae..b746b5a 100644
--- a/linden/indra/llmessage/lldatapacker.cpp
+++ b/linden/indra/llmessage/lldatapacker.cpp
@@ -206,7 +206,7 @@ BOOL LLDataPackerBinaryBuffer::unpackString(std::string& value, const char *name
        if (length > max_length)
        {
-                llwarns << "Buffer overflow in BinaryBuffer unpackString, field name " << name << "!" << llendl;
+                llwarns << "Buffer overflow in BinaryBuffer unpackString, field name, possible client exploit " << name << "!" << llendl;
                llwarns << "Null termination not found" << llendl;
                llwarns << "Current pos in buffer: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << llendl;
                return false;
@@ -238,22 +238,33 @@ BOOL LLDataPackerBinaryBuffer::packBinaryData(const U8 *value, S32 size, const c
 BOOL LLDataPackerBinaryBuffer::unpackBinaryData(U8 *value, S32 &size, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(4, name);
+    if(!verifyLength(sizeof(4), name))
+        {
+                     llwarns << "BAD data unpack U8 BinaryData 4" << llendl;
+             return false;
+        }
+        else
+        {
        htonmemcpy(&size, mCurBufferp, MVT_S32, 4);
        mCurBufferp += 4;
-        success &= verifyLength(size, name);
+        
-        if (success)
+        }
+        
+    if(!verifyLength(sizeof(size), name))
        {
-                htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);
+                llwarns << "BAD data unpack S32 BinaryData Size" << llendl;
-                mCurBufferp += size;
+        return false;
        }
        else
        {
-                llwarns << "LLDataPackerBinaryBuffer::unpackBinaryData would unpack invalid data, aborting!" << llendl;
+                htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);
-                success = FALSE;
+                mCurBufferp += size;
+                return true;
        }
-        return success;
+        
 }
@@ -273,11 +284,18 @@ BOOL LLDataPackerBinaryBuffer::packBinaryDataFixed(const U8 *value, S32 size, co
 BOOL LLDataPackerBinaryBuffer::unpackBinaryDataFixed(U8 *value, S32 size, const char *name)
 {
-        BOOL success = TRUE;
+     if(!verifyLength(sizeof(size), name))
-        success &= verifyLength(size, name);
+        {
+                llwarns << "BAD data unpack BinaryDataFixed" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);
        mCurBufferp += size;
-        return success;
+        return true;
+        }
 }
@@ -297,12 +315,19 @@ BOOL LLDataPackerBinaryBuffer::packU8(const U8 value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackU8(U8 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(sizeof(U8), name);
+        if(!verifyLength(sizeof(U8), name))
+        {
+                llwarns << "BAD data unpack U8" << llendl;
+                return false;
+        }
+        else
+        {
        value = *mCurBufferp;
        mCurBufferp++;
-        return success;
+        return true;
+        }
 }
@@ -322,12 +347,19 @@ BOOL LLDataPackerBinaryBuffer::packU16(const U16 value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackU16(U16 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(sizeof(U16), name);
+        if(!verifyLength(sizeof(U16), name))
+        {
+         llwarns << "BAD data unpack U16" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(&value, mCurBufferp, MVT_U16, 2);
        mCurBufferp += 2;
-        return success;
+        return true;
+        }
 }
@@ -347,12 +379,20 @@ BOOL LLDataPackerBinaryBuffer::packU32(const U32 value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackU32(U32 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(sizeof(U32), name);
+        if(!verifyLength(sizeof(U32), name))
+        {
+                     llwarns << "BAD data unpack U32" << llendl;
+             return false;
+        }
+        else
+        {
        htonmemcpy(&value, mCurBufferp, MVT_U32, 4);
        mCurBufferp += 4;
-        return success;
+        return true;
+        }
+   
 }
@@ -372,12 +412,19 @@ BOOL LLDataPackerBinaryBuffer::packS32(const S32 value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackS32(S32 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(sizeof(S32), name);
+        if(!verifyLength(sizeof(S32), name))
+        {
+                llwarns << "BAD data unpack S32" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(&value, mCurBufferp, MVT_S32, 4);
        mCurBufferp += 4;
-        return success;
+        return true;
+        }
+   
 }
@@ -397,12 +444,18 @@ BOOL LLDataPackerBinaryBuffer::packF32(const F32 value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackF32(F32 &value, const char *name)
 {
-        BOOL success = TRUE;
+        if(!verifyLength(sizeof(F32), name))
-        success &= verifyLength(sizeof(F32), name);
+        {
+                llwarns << "BAD data unpack F32" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(&value, mCurBufferp, MVT_F32, 4);
        mCurBufferp += 4;
-        return success;
+        return true;
+        } 
 }
@@ -422,12 +475,19 @@ BOOL LLDataPackerBinaryBuffer::packColor4(const LLColor4 &value, const char *nam
 BOOL LLDataPackerBinaryBuffer::unpackColor4(LLColor4 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(16, name);
+        if(!verifyLength(16, name))
+        {
+        llwarns << "BAD data unpack Color4" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);
        mCurBufferp += 16;
-        return success;
+        return true;
+        }
 }
@@ -447,12 +507,19 @@ BOOL LLDataPackerBinaryBuffer::packColor4U(const LLColor4U &value, const char *n
 BOOL LLDataPackerBinaryBuffer::unpackColor4U(LLColor4U &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(4, name);
+        if(!verifyLength(4, name))
+        {
+        llwarns << "BAD data unpack color4U" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value.mV, mCurBufferp, MVT_VARIABLE, 4);
        mCurBufferp += 4;
-        return success;
+        return true;
+        }
 }
@@ -474,13 +541,20 @@ BOOL LLDataPackerBinaryBuffer::packVector2(const LLVector2 &value, const char *n
 BOOL LLDataPackerBinaryBuffer::unpackVector2(LLVector2 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(8, name);
+        if(!verifyLength(8, name))
+        {
+        llwarns << "BAD data unpack Vector2" << llendl;
+                return false;
+        }
+        else
+        {        
        htonmemcpy(&value.mV[0], mCurBufferp, MVT_F32, 4);
        htonmemcpy(&value.mV[1], mCurBufferp+4, MVT_F32, 4);
        mCurBufferp += 8;
-        return success;
+        return true;
+        }
 }
@@ -500,12 +574,18 @@ BOOL LLDataPackerBinaryBuffer::packVector3(const LLVector3 &value, const char *n
 BOOL LLDataPackerBinaryBuffer::unpackVector3(LLVector3 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(12, name);
+        if(!verifyLength(12, name))
+        {
+                llwarns << "BAD data unpack Vecotr3" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value.mV, mCurBufferp, MVT_LLVector3, 12);
        mCurBufferp += 12;
-        return success;
+        return true;
+        }
 }
 BOOL LLDataPackerBinaryBuffer::packVector4(const LLVector4 &value, const char *name)
@@ -524,12 +604,19 @@ BOOL LLDataPackerBinaryBuffer::packVector4(const LLVector4 &value, const char *n
 BOOL LLDataPackerBinaryBuffer::unpackVector4(LLVector4 &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(16, name);
+        if(!verifyLength(16, name))
+        {
+                llwarns << "BAD data unpack Vector4" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);
        mCurBufferp += 16;
-        return success;
+        return true;
+        }
 }
 BOOL LLDataPackerBinaryBuffer::packUUID(const LLUUID &value, const char *name)
@@ -548,12 +635,19 @@ BOOL LLDataPackerBinaryBuffer::packUUID(const LLUUID &value, const char *name)
 BOOL LLDataPackerBinaryBuffer::unpackUUID(LLUUID &value, const char *name)
 {
-        BOOL success = TRUE;
+        
-        success &= verifyLength(16, name);
+        if(!verifyLength(16, name))
+        {
+                 llwarns << "BAD data unpack UUID" << llendl;
+                return false;
+        }
+        else
+        {
        htonmemcpy(value.mData, mCurBufferp, MVT_LLUUID, 16);
        mCurBufferp += 16;
-        return success;
+        return true;
+        }
 }
 const LLDataPackerBinaryBuffer& LLDataPackerBinaryBuffer::operator=(const LLDataPackerBinaryBuffer &a)
@@ -1913,7 +2007,12 @@ BOOL LLDataPackerAsciiFile::getValueStr(const char *name, char *out_value, S32 v
        if (mFP)
        {
                fpos_t last_pos;
-                fgetpos(mFP, &last_pos);
+                if (0 != fgetpos(mFP, &last_pos)) // 0==success for fgetpos
+                {
+                        llwarns << "Data packer failed to fgetpos" << llendl;
+                        return FALSE;
+                }
                if (fgets(buffer, DP_BUFSIZE, mFP) == NULL)
                {
                        buffer[0] = '\0';
author	McCabe Maxsted	2010-05-26 18:59:10 -0700
committer	Jacek Antonelli	2010-06-19 02:43:01 -0500
commit	9d53cda6daf74a21bffabdeb3a6960ff7064616e (patch)
tree	24d7b74ba2b62c54e22ae8b7bdb323aedded8fab /linden/indra
parent	Updated patch to SNOW-492 (76937222) to Merov Linden's SNOW-492-2.patch (diff)
download	meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.zip meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.gz meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.bz2 meta-impy-9d53cda6daf74a21bffabdeb3a6960ff7064616e.tar.xz

diff --git a/linden/indra/llmessage/lldatapacker.cpp b/linden/indra/llmessage/lldatapacker.cpp index dc7efae..b746b5a 100644 --- a/linden/indra/llmessage/lldatapacker.cpp +++ b/linden/indra/llmessage/lldatapacker.cpp
@@ -206,7 +206,7 @@ BOOL LLDataPackerBinaryBuffer::unpackString(std::string& value, const char *name
206		206
207	if (length > max_length)	207	if (length > max_length)
208	{	208	{
209	llwarns << "Buffer overflow in BinaryBuffer unpackString, field name " << name << "!" << llendl;	209	llwarns << "Buffer overflow in BinaryBuffer unpackString, field name, possible client exploit " << name << "!" << llendl;
210	llwarns << "Null termination not found" << llendl;	210	llwarns << "Null termination not found" << llendl;
211	llwarns << "Current pos in buffer: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << llendl;	211	llwarns << "Current pos in buffer: " << (int)(mCurBufferp - mBufferp) << " Buffer size: " << mBufferSize << llendl;
212	return false;	212	return false;
@@ -238,22 +238,33 @@ BOOL LLDataPackerBinaryBuffer::packBinaryData(const U8 *value, S32 size, const c
238		238
239	BOOL LLDataPackerBinaryBuffer::unpackBinaryData(U8 value, S32 &size, const char name)	239	BOOL LLDataPackerBinaryBuffer::unpackBinaryData(U8 value, S32 &size, const char name)
240	{	240	{
241	BOOL success = TRUE;	241
242	success &= verifyLength(4, name);	242
		243	if(!verifyLength(sizeof(4), name))
		244	{
		245	llwarns << "BAD data unpack U8 BinaryData 4" << llendl;
		246	return false;
		247	}
		248	else
		249	{
243	htonmemcpy(&size, mCurBufferp, MVT_S32, 4);	250	htonmemcpy(&size, mCurBufferp, MVT_S32, 4);
244	mCurBufferp += 4;	251	mCurBufferp += 4;
245	success &= verifyLength(size, name);	252
246	if (success)	253	}
		254
		255
		256	if(!verifyLength(sizeof(size), name))
247	{	257	{
248	htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);	258	llwarns << "BAD data unpack S32 BinaryData Size" << llendl;
249	mCurBufferp += size;	259	return false;
250	}	260	}
251	else	261	else
252	{	262	{
253	llwarns << "LLDataPackerBinaryBuffer::unpackBinaryData would unpack invalid data, aborting!" << llendl;	263	htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);
254	success = FALSE;	264	mCurBufferp += size;
		265	return true;
255	}	266	}
256	return success;	267
257	}	268	}
258		269
259		270
@@ -273,11 +284,18 @@ BOOL LLDataPackerBinaryBuffer::packBinaryDataFixed(const U8 *value, S32 size, co
273		284
274	BOOL LLDataPackerBinaryBuffer::unpackBinaryDataFixed(U8 value, S32 size, const char name)	285	BOOL LLDataPackerBinaryBuffer::unpackBinaryDataFixed(U8 value, S32 size, const char name)
275	{	286	{
276	BOOL success = TRUE;	287	if(!verifyLength(sizeof(size), name))
277	success &= verifyLength(size, name);	288	{
		289	llwarns << "BAD data unpack BinaryDataFixed" << llendl;
		290	return false;
		291	}
		292	else
		293	{
278	htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);	294	htonmemcpy(value, mCurBufferp, MVT_VARIABLE, size);
279	mCurBufferp += size;	295	mCurBufferp += size;
280	return success;	296	return true;
		297	}
		298
281	}	299	}
282		300
283		301
@@ -297,12 +315,19 @@ BOOL LLDataPackerBinaryBuffer::packU8(const U8 value, const char *name)
297		315
298	BOOL LLDataPackerBinaryBuffer::unpackU8(U8 &value, const char *name)	316	BOOL LLDataPackerBinaryBuffer::unpackU8(U8 &value, const char *name)
299	{	317	{
300	BOOL success = TRUE;	318
301	success &= verifyLength(sizeof(U8), name);	319	if(!verifyLength(sizeof(U8), name))
302		320	{
		321	llwarns << "BAD data unpack U8" << llendl;
		322	return false;
		323	}
		324	else
		325	{
303	value = *mCurBufferp;	326	value = *mCurBufferp;
304	mCurBufferp++;	327	mCurBufferp++;
305	return success;	328	return true;
		329	}
		330
306	}	331	}
307		332
308		333
@@ -322,12 +347,19 @@ BOOL LLDataPackerBinaryBuffer::packU16(const U16 value, const char *name)
322		347
323	BOOL LLDataPackerBinaryBuffer::unpackU16(U16 &value, const char *name)	348	BOOL LLDataPackerBinaryBuffer::unpackU16(U16 &value, const char *name)
324	{	349	{
325	BOOL success = TRUE;	350
326	success &= verifyLength(sizeof(U16), name);	351	if(!verifyLength(sizeof(U16), name))
327		352	{
		353	llwarns << "BAD data unpack U16" << llendl;
		354	return false;
		355	}
		356	else
		357	{
328	htonmemcpy(&value, mCurBufferp, MVT_U16, 2);	358	htonmemcpy(&value, mCurBufferp, MVT_U16, 2);
329	mCurBufferp += 2;	359	mCurBufferp += 2;
330	return success;	360	return true;
		361	}
		362
331	}	363	}
332		364
333		365
@@ -347,12 +379,20 @@ BOOL LLDataPackerBinaryBuffer::packU32(const U32 value, const char *name)
347		379
348	BOOL LLDataPackerBinaryBuffer::unpackU32(U32 &value, const char *name)	380	BOOL LLDataPackerBinaryBuffer::unpackU32(U32 &value, const char *name)
349	{	381	{
350	BOOL success = TRUE;	382
351	success &= verifyLength(sizeof(U32), name);	383	if(!verifyLength(sizeof(U32), name))
		384	{
		385	llwarns << "BAD data unpack U32" << llendl;
		386	return false;
		387	}
		388	else
		389	{
352		390
353	htonmemcpy(&value, mCurBufferp, MVT_U32, 4);	391	htonmemcpy(&value, mCurBufferp, MVT_U32, 4);
354	mCurBufferp += 4;	392	mCurBufferp += 4;
355	return success;	393	return true;
		394	}
		395
356	}	396	}
357		397
358		398
@@ -372,12 +412,19 @@ BOOL LLDataPackerBinaryBuffer::packS32(const S32 value, const char *name)
372		412
373	BOOL LLDataPackerBinaryBuffer::unpackS32(S32 &value, const char *name)	413	BOOL LLDataPackerBinaryBuffer::unpackS32(S32 &value, const char *name)
374	{	414	{
375	BOOL success = TRUE;	415
376	success &= verifyLength(sizeof(S32), name);	416	if(!verifyLength(sizeof(S32), name))
377		417	{
		418	llwarns << "BAD data unpack S32" << llendl;
		419	return false;
		420	}
		421	else
		422	{
378	htonmemcpy(&value, mCurBufferp, MVT_S32, 4);	423	htonmemcpy(&value, mCurBufferp, MVT_S32, 4);
379	mCurBufferp += 4;	424	mCurBufferp += 4;
380	return success;	425	return true;
		426	}
		427
381	}	428	}
382		429
383		430
@@ -397,12 +444,18 @@ BOOL LLDataPackerBinaryBuffer::packF32(const F32 value, const char *name)
397		444
398	BOOL LLDataPackerBinaryBuffer::unpackF32(F32 &value, const char *name)	445	BOOL LLDataPackerBinaryBuffer::unpackF32(F32 &value, const char *name)
399	{	446	{
400	BOOL success = TRUE;	447	if(!verifyLength(sizeof(F32), name))
401	success &= verifyLength(sizeof(F32), name);	448	{
402		449	llwarns << "BAD data unpack F32" << llendl;
		450	return false;
		451	}
		452	else
		453	{
403	htonmemcpy(&value, mCurBufferp, MVT_F32, 4);	454	htonmemcpy(&value, mCurBufferp, MVT_F32, 4);
404	mCurBufferp += 4;	455	mCurBufferp += 4;
405	return success;	456	return true;
		457	}
		458
406	}	459	}
407		460
408		461
@@ -422,12 +475,19 @@ BOOL LLDataPackerBinaryBuffer::packColor4(const LLColor4 &value, const char *nam
422		475
423	BOOL LLDataPackerBinaryBuffer::unpackColor4(LLColor4 &value, const char *name)	476	BOOL LLDataPackerBinaryBuffer::unpackColor4(LLColor4 &value, const char *name)
424	{	477	{
425	BOOL success = TRUE;	478
426	success &= verifyLength(16, name);	479	if(!verifyLength(16, name))
427		480	{
		481	llwarns << "BAD data unpack Color4" << llendl;
		482	return false;
		483	}
		484	else
		485	{
428	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);	486	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);
429	mCurBufferp += 16;	487	mCurBufferp += 16;
430	return success;	488	return true;
		489	}
		490
431	}	491	}
432		492
433		493
@@ -447,12 +507,19 @@ BOOL LLDataPackerBinaryBuffer::packColor4U(const LLColor4U &value, const char *n
447		507
448	BOOL LLDataPackerBinaryBuffer::unpackColor4U(LLColor4U &value, const char *name)	508	BOOL LLDataPackerBinaryBuffer::unpackColor4U(LLColor4U &value, const char *name)
449	{	509	{
450	BOOL success = TRUE;	510
451	success &= verifyLength(4, name);	511	if(!verifyLength(4, name))
452		512	{
		513	llwarns << "BAD data unpack color4U" << llendl;
		514	return false;
		515	}
		516	else
		517	{
453	htonmemcpy(value.mV, mCurBufferp, MVT_VARIABLE, 4);	518	htonmemcpy(value.mV, mCurBufferp, MVT_VARIABLE, 4);
454	mCurBufferp += 4;	519	mCurBufferp += 4;
455	return success;	520	return true;
		521	}
		522
456	}	523	}
457		524
458		525
@@ -474,13 +541,20 @@ BOOL LLDataPackerBinaryBuffer::packVector2(const LLVector2 &value, const char *n
474		541
475	BOOL LLDataPackerBinaryBuffer::unpackVector2(LLVector2 &value, const char *name)	542	BOOL LLDataPackerBinaryBuffer::unpackVector2(LLVector2 &value, const char *name)
476	{	543	{
477	BOOL success = TRUE;	544
478	success &= verifyLength(8, name);	545	if(!verifyLength(8, name))
479		546	{
		547	llwarns << "BAD data unpack Vector2" << llendl;
		548	return false;
		549	}
		550	else
		551	{
480	htonmemcpy(&value.mV[0], mCurBufferp, MVT_F32, 4);	552	htonmemcpy(&value.mV[0], mCurBufferp, MVT_F32, 4);
481	htonmemcpy(&value.mV[1], mCurBufferp+4, MVT_F32, 4);	553	htonmemcpy(&value.mV[1], mCurBufferp+4, MVT_F32, 4);
482	mCurBufferp += 8;	554	mCurBufferp += 8;
483	return success;	555	return true;
		556	}
		557
484	}	558	}
485		559
486		560
@@ -500,12 +574,18 @@ BOOL LLDataPackerBinaryBuffer::packVector3(const LLVector3 &value, const char *n
500		574
501	BOOL LLDataPackerBinaryBuffer::unpackVector3(LLVector3 &value, const char *name)	575	BOOL LLDataPackerBinaryBuffer::unpackVector3(LLVector3 &value, const char *name)
502	{	576	{
503	BOOL success = TRUE;	577
504	success &= verifyLength(12, name);	578	if(!verifyLength(12, name))
505		579	{
		580	llwarns << "BAD data unpack Vecotr3" << llendl;
		581	return false;
		582	}
		583	else
		584	{
506	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector3, 12);	585	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector3, 12);
507	mCurBufferp += 12;	586	mCurBufferp += 12;
508	return success;	587	return true;
		588	}
509	}	589	}
510		590
511	BOOL LLDataPackerBinaryBuffer::packVector4(const LLVector4 &value, const char *name)	591	BOOL LLDataPackerBinaryBuffer::packVector4(const LLVector4 &value, const char *name)
@@ -524,12 +604,19 @@ BOOL LLDataPackerBinaryBuffer::packVector4(const LLVector4 &value, const char *n
524		604
525	BOOL LLDataPackerBinaryBuffer::unpackVector4(LLVector4 &value, const char *name)	605	BOOL LLDataPackerBinaryBuffer::unpackVector4(LLVector4 &value, const char *name)
526	{	606	{
527	BOOL success = TRUE;	607
528	success &= verifyLength(16, name);	608	if(!verifyLength(16, name))
529		609	{
		610	llwarns << "BAD data unpack Vector4" << llendl;
		611	return false;
		612	}
		613	else
		614	{
530	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);	615	htonmemcpy(value.mV, mCurBufferp, MVT_LLVector4, 16);
531	mCurBufferp += 16;	616	mCurBufferp += 16;
532	return success;	617	return true;
		618	}
		619
533	}	620	}
534		621
535	BOOL LLDataPackerBinaryBuffer::packUUID(const LLUUID &value, const char *name)	622	BOOL LLDataPackerBinaryBuffer::packUUID(const LLUUID &value, const char *name)
@@ -548,12 +635,19 @@ BOOL LLDataPackerBinaryBuffer::packUUID(const LLUUID &value, const char *name)
548		635
549	BOOL LLDataPackerBinaryBuffer::unpackUUID(LLUUID &value, const char *name)	636	BOOL LLDataPackerBinaryBuffer::unpackUUID(LLUUID &value, const char *name)
550	{	637	{
551	BOOL success = TRUE;	638
552	success &= verifyLength(16, name);	639	if(!verifyLength(16, name))
553		640	{
		641	llwarns << "BAD data unpack UUID" << llendl;
		642	return false;
		643	}
		644	else
		645	{
554	htonmemcpy(value.mData, mCurBufferp, MVT_LLUUID, 16);	646	htonmemcpy(value.mData, mCurBufferp, MVT_LLUUID, 16);
555	mCurBufferp += 16;	647	mCurBufferp += 16;
556	return success;	648	return true;
		649	}
		650
557	}	651	}
558		652
559	const LLDataPackerBinaryBuffer& LLDataPackerBinaryBuffer::operator=(const LLDataPackerBinaryBuffer &a)	653	const LLDataPackerBinaryBuffer& LLDataPackerBinaryBuffer::operator=(const LLDataPackerBinaryBuffer &a)
@@ -1913,7 +2007,12 @@ BOOL LLDataPackerAsciiFile::getValueStr(const char name, char out_value, S32 v
1913	if (mFP)	2007	if (mFP)
1914	{	2008	{
1915	fpos_t last_pos;	2009	fpos_t last_pos;
1916	fgetpos(mFP, &last_pos);	2010	if (0 != fgetpos(mFP, &last_pos)) // 0==success for fgetpos
		2011	{
		2012	llwarns << "Data packer failed to fgetpos" << llendl;
		2013	return FALSE;
		2014	}
		2015
1917	if (fgets(buffer, DP_BUFSIZE, mFP) == NULL)	2016	if (fgets(buffer, DP_BUFSIZE, mFP) == NULL)
1918	{	2017	{
1919	buffer[0] = '\0';	2018	buffer[0] = '\0';