backported fix for AV related with too many protocol versions in connect packet

src/remote/protocol.cpp

@@ -305,6 +305,7 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p)
 		return P_TRUE(xdrs, p);
 
 	case op_connect:
+		{
 			connect = &p->p_cnct;
 			MAP(xdr_enum,
 				reinterpret_cast<xdr_op&>(connect->p_cnct_operation));
@@ -315,9 +316,18 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p)
 			MAP(xdr_short, reinterpret_cast<SSHORT&>(connect->p_cnct_count));
 
 			MAP(xdr_cstring, connect->p_cnct_user_id);
+
+			const size_t CNCT_VERSIONS = FB_NELEM(connect->p_cnct_versions);
 			for (i = 0, tail = connect->p_cnct_versions;
 				 i < connect->p_cnct_count; i++, tail++)
 			{
+				// ignore the rest of protocols in case of too many suggested versions
+				p_cnct::p_cnct_repeat dummy;
+				if (i >= CNCT_VERSIONS)
+				{
+					tail = &dummy;
+				}
+		
 				MAP(xdr_short,
 					reinterpret_cast<SSHORT&>(tail->p_cnct_version));
 				MAP(xdr_enum,
@@ -327,8 +337,16 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p)
 				MAP(xdr_short,
 					reinterpret_cast<SSHORT&>(tail->p_cnct_weight));
 			}
+
+			// ignore the rest of protocols in case of too many suggested versions
+			if (connect->p_cnct_count > CNCT_VERSIONS)
+			{
+				connect->p_cnct_count = CNCT_VERSIONS;
+			}
+		
 			DEBUG_PRINTSIZE(xdrs, p->p_operation);
 			return P_TRUE(xdrs, p);
+		}
 
 	case op_accept:
 		accept = &p->p_acpt;