From 65337bec22bb587facaf032feac39a8beb2a09cd Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Thu, 2 Feb 2017 20:53:05 +0100
Subject: [PATCH] aan: check negative message size in header

---
 sys/src/cmd/aan.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/sys/src/cmd/aan.c b/sys/src/cmd/aan.c
index 5f1477087..d61d8a190 100644
--- a/sys/src/cmd/aan.c
+++ b/sys/src/cmd/aan.c
@@ -310,14 +310,11 @@ fromnet(void*)
 			len, n, m, acked, lastacked);
 
 		if (n == 0) {
-			if (m >= 0) {
-				dmessage(1, "fromnet; network closed\n");
-				break;
-			}
-			continue;
-		}
-
-		if (n > Bufsize) {
+			if (m < 0)
+				continue;
+			dmessage(1, "fromnet; network closed\n");
+			break;
+		} else if (n < 0 || n > Bufsize) {
 			dmessage(1, "fromnet; message too big %d > %d\n", n, Bufsize);
 			break;
 		}
@@ -337,6 +334,7 @@ fromnet(void*)
 			dmessage(1, "fromnet; skipping message %d, currently at %d\n", m, inmsg);
 			continue;
 		}			
+		inmsg++;
 
 		// Process the acked list.
 		while(lastacked != acked) {
@@ -352,7 +350,6 @@ fromnet(void*)
 			sendp(empty, rb);
 			lastacked++;
 		} 
-		inmsg++;
 
 		showmsg(1, "fromnet", b);