diff --git a/src/or/buffers.c b/src/or/buffers.c
index 8f1bba2410..6a74f0d570 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1398,6 +1398,22 @@ peek_buf_has_control0_command(buf_t *buf)
return 0;
}
+/** DOCDOC */
+static int
+buf_find_offset_of_char(buf_t *buf, char ch)
+{
+ chunk_t *chunk;
+ int offset = 0;
+ for (chunk = buf->head; chunk; chunk = chunk->next) {
+ char *cp = memchr(chunk->data, ch, chunk->datalen);
+ if (cp)
+ return offset + (cp - chunk->data);
+ else
+ offset += chunk->datalen;
+ }
+ return -1;
+}
+
/** Try to read a single LF-terminated line from buf, and write it,
* NUL-terminated, into the *data_len byte buffer at data_out.
* Set *data_len to the number of bytes in the line, not counting the
@@ -1408,21 +1424,18 @@ peek_buf_has_control0_command(buf_t *buf)
int
fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len)
{
- char *cp;
size_t sz;
+ int offset;
if (!buf->head)
return 0;
- /* XXXX020 pull up less aggressively. And implement setting *data_len
- * properly in cases where we return -1. */
- buf_pullup(buf, *data_len, 0);
- cp = memchr(buf->head->data, '\n', buf->head->datalen);
- if (!cp) {
+
+ offset = buf_find_offset_of_char(buf, '\n');
+ if (offset < 0)
return 0;
- }
- sz = cp - buf->head->data;
+ sz = (size_t) offset;
if (sz+2 > *data_len) {
- *data_len = sz+2;
+ *data_len = sz + 2;
return -1;
}
fetch_from_buf(data_out, sz+1, buf);
diff --git a/src/or/control.c b/src/or/control.c
index c91890cf6c..39deb8d266 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2631,10 +2631,11 @@ connection_control_process_inbuf(control_connection_t *conn)
/* Line not all here yet. Wait. */
return 0;
else if (r == -1) {
- while (conn->incoming_cmd_len < data_len+conn->incoming_cmd_cur_len)
- conn->incoming_cmd_len *= 2;
- conn->incoming_cmd = tor_realloc(conn->incoming_cmd,
- conn->incoming_cmd_len);
+ /*XXXX020 impose some maximum on length! */
+ while (conn->incoming_cmd_len < data_len+conn->incoming_cmd_cur_len)
+ conn->incoming_cmd_len *= 2;
+ conn->incoming_cmd = tor_realloc(conn->incoming_cmd,
+ conn->incoming_cmd_len);
}
} while (r != 1);