--- cfengine-2.0.7p3/src/net.c Wed Apr 23 21:48:13 2003
+++ cfengine-2.0.8p1/src/net.c Tue Sep 9 08:38:55 2003
@@ -89,7 +89,7 @@
 {
 char proto[9];
 char status;
-unsigned int len;
+unsigned int len = 0;
 
 bzero(proto,9);
 
@@ -101,6 +101,13 @@
 sscanf(proto,"%c %u",&status,&len);
 Debug("Transaction Receive [%s][%s]\n",proto,proto+8);
 
+if (len > bufsize - 8)
+ {
+ snprintf(OUTPUT,bufsize,"Bad transaction packet -- too long (%c %d) Proto = %s ",status,len,proto);
+ CfLog(cferror,OUTPUT,"");
+ return -1;
+ }
+
 if (strncmp(proto,"CAUTH",5) == 0)
 {
 Debug("Version 1 protocol connection attempted - no you don't!!\n");
@@ -132,6 +139,12 @@
 Debug("RecvSocketStream(%d)\n",toget);
 
+if (toget > bufsize)
+ {
+ CfLog(cferror,"Bad software request for overfull buffer","");
+ return -1;
+ }
+
 for (already = 0; already != toget; already += got)
 {
 got = recv(sd,buffer+already,toget-already,0);
@@ -144,7 +157,7 @@
 
 if (got == 0) /* doesn't happen unless sock is closed */
 {
- Debug("Transmission empty...\n");
+ Debug("Transmission empty or timed out...\n");
 fraction = 0;
 return already;
 }
@@ -178,6 +191,8 @@
 do
 {
+ Debug("Attempting to send %d bytes\n",tosend-already);
+
 sent=send(sd,buffer+already,tosend-already,flags);
 
 switch(sent)
@@ -191,6 +206,7 @@
 break;
 }
 }
+
 while(already < tosend);
 
 return already;
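Review bot: The bound passed to snprintf on the new error line is `bufsize`, which is the size of the caller's receive buffer, while the destination is the global OUTPUT; unless OUTPUT is guaranteed to be at least bufsize bytes, an over-long packet can now overrun OUTPUT while reporting the over-long packet, so size the call by OUTPUT's own declared length, e.g. `snprintf(OUTPUT,sizeof(OUTPUT),"Bad transaction packet -- too long (%c %u) Proto = %s ",status,len,proto);` (use the length constant instead of sizeof if OUTPUT is a pointer; `%u` also matches the unsigned len). The sscanf result two lines above is still unchecked, so on a malformed header `status` is printed uninitialised even though len now defaults to 0; `if (sscanf(proto,"%c %u",&status,&len) != 2) return -1;` before the new check closes that. Whether `bufsize - 8` can wrap for a bufsize below 8 depends on bufsize's type, which is not visible here. The enclosing function opens in the previous hunk and continues past this one.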
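Review bot: The new guard `if (toget > bufsize)` rejects only over-large requests; toget is printed with `%d` just above, and if it and bufsize are signed a negative toget passes the check and the following recv() is asked for `toget-already` bytes, which converts to an enormous size_t, so the guard should read `if (toget < 0 || toget > bufsize)`. The loop's treatment of a negative return from recv() is outside this hunk, so I cannot tell whether it stops the `already += got` accumulation from going backwards. RecvSocketStream continues past the end of this hunk.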
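Review bot: The reworded message claims the read may have "timed out", but recv() returns 0 only when the peer has closed the connection — a socket receive timeout is reported as -1 with errno set to EAGAIN/EWOULDBLOCK — and the comment on the same line, "doesn't happen unless sock is closed", still says exactly that, so the message now contradicts the code beside it. Either keep `Debug("Transmission empty...\n");` or, if a timeout path is intended, handle the -1/EAGAIN return separately, which falls outside this hunk. The enclosing function starts and ends outside this hunk.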