Fixed CORE-4630: Segfault in server caused by bad packet

src/remote/protocol.cpp

@@ -398,6 +398,8 @@ bool_t xdr_protocol(XDR* xdrs, PACKET* p)
 		MAP(xdr_short, reinterpret_cast<SSHORT&>(response->p_resp_object));
 		MAP(xdr_quad, response->p_resp_blob_id);
 		MAP(xdr_cstring, response->p_resp_data);
+		if (!response->p_resp_status_vector)	// incorrectly called - packet not prepared
+			return P_FALSE(xdrs, p);
 		return xdr_status_vector(xdrs, response->p_resp_status_vector) ?
 								 	P_TRUE(xdrs, p) : P_FALSE(xdrs, p);
 
@@ -1652,9 +1654,12 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
 
 	SLONG vec;
 	SCHAR* sp = NULL;
+	ISC_STATUS* const end = &vector[ISC_STATUS_LENGTH];
 
 	while (true)
 	{
+		if (vector >= end)
+			return FALSE;
 		if (xdrs->x_op == XDR_ENCODE)
 			vec = (SLONG) * vector++;
 		if (!xdr_long(xdrs, &vec))
@@ -1670,6 +1675,8 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
 		case isc_arg_interpreted:
 		case isc_arg_string:
 		case isc_arg_sql_state:
+			if (vector >= end)
+				return FALSE;
 			if (xdrs->x_op == XDR_ENCODE)
 			{
 				if (!xdr_wrapstring(xdrs, reinterpret_cast<SCHAR**>(vector++)))
@@ -1700,6 +1707,8 @@ static bool_t xdr_status_vector(XDR* xdrs, ISC_STATUS* vector)
 
 		case isc_arg_number:
 		default:
+			if (vector >= end)
+				return FALSE;
 			if (xdrs->x_op == XDR_ENCODE)
 				vec = (SLONG) * vector++;
 			if (!xdr_long(xdrs, &vec))