(nscd_run): Check early for invalid request types.

diff --git a/nscd/connections.c b/nscd/connections.c
index c3100816dff64da5656ed9ed82ed0637c5886a1c..53e258b498bc3ec9149ee7542936239f876f84ef 100644 (file)
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -786,6 +786,10 @@ nscd_run (void *p)
          continue;
        }
 
+      /* Check whether this is a valid request type.  */
+      if (req.type < GETPWBYNAME || req.type >= LASTREQ)
+       goto close_and_out;
+
       /* Some systems have no SO_PEERCRED implementation.  They don't
         care about security so we don't as well.  */
 #ifdef SO_PEERCRED
@@ -798,8 +802,7 @@ nscd_run (void *p)
            {
              dbg_log (_("error getting callers id: %s"),
                       strerror_r (errno, buf, sizeof (buf)));
-             close (fd);
-             continue;
+             goto close_and_out;
            }
 
          if (req.type < GETPWBYNAME || req.type > LASTDBREQ
@@ -825,8 +828,6 @@ nscd_run (void *p)
        {
          if (debug_level > 0)
            dbg_log (_("key length in request too long: %d"), req.key_len);
-         close (fd);
-         continue;
        }
       else
        {
@@ -859,11 +860,12 @@ handle_request: request received (Version = %d)"), req.version);
 
          /* Phew, we got all the data, now process it.  */
          handle_request (fd, &req, keybuf, uid);
-
-         /* We are done.  */
-         close (fd);
        }
 
+    close_and_out:
+      /* We are done.  */
+      close (fd);
+
       /* Just determine whether any data is present.  We do this to
         measure whether clients are queued up.  */
     try_get: