[samuel.thibault@ens-lyon.org: getpeername(fd,NULL,NULL) crashes]
Alfred M. Szmidt
ams@gnu.org
Sun Aug 14 23:04:00 GMT 2005
Roland, can you apply this to libc HEAD?
(all occurrences of getpeername(fd, NULL, NULL), should be
getpeername(fd, NULL, &len), where LEN is of type socklen_t, and I
fixed the indentation a bit so that the if statement isn't longer than
75 chars)
------- Start of forwarded message -------
Date: Thu, 11 Aug 2005 01:42:41 +0200
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
To: bug-hurd@gnu.org
Subject: getpeername(fd,NULL,NULL) crashes
Hi,
The implementation of getpeername(fd, addr, len) (in
libc/sysdeps/mach/hurd/getpeername.c) performs addr->sa_family = type;
without checking that *len is big enough, so that getpeername(fd, NULL,
NULL); crashes (while it is a common way to determine whether an fd is a
socket).
Here is a patch:
2005-08-11 Samuel Thibault <samuel.thibault@ens-lyon.org>
* sysdeps/mach/hurd/getpeername.c (__getpeername): Check length
of buffer before writing the sa_family member.
Index: sysdeps/mach/hurd/getpeername.c
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/mach/hurd/getpeername.c,v
retrieving revision 1.11
diff -u -p -r1.11 getpeername.c
- --- sysdeps/mach/hurd/getpeername.c 6 Jul 2001 04:55:57 -0000 1.11
+++ sysdeps/mach/hurd/getpeername.c 10 Aug 2005 23:36:00 -0000
@@ -54,7 +54,9 @@ __getpeername (int fd, __SOCKADDR_ARG ad
__vm_deallocate (__mach_task_self (), (vm_address_t) buf, buflen);
}
- - addr->sa_family = type;
+ if (offsetof (typeof (addr->sa_family), sa_family)
+ + sizeof (addr->sa_family) >= *len)
+ addr->sa_family = type;
return 0;
}
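Review bot: the new condition is inverted and still dereferences `*len` before anything checks that `len` is non-NULL, so the `getpeername(fd, NULL, NULL)` call from the report would fault on this very line. With `>=` the store `addr->sa_family = type;` happens exactly when the buffer is too small to hold the member and is skipped when it is large enough; the intended test is `offsetof (...) + sizeof (addr->sa_family) <= *len`. In addition, `typeof (addr->sa_family)` names the member's own type (sa_family_t, an integer), not the structure containing it, so `offsetof` on it is ill-formed; the containing struct type is wanted, e.g. `offsetof (struct sockaddr, sa_family)`. Suggested form: `if (len != NULL && offsetof (struct sockaddr, sa_family) + sizeof (addr->sa_family) <= *len)`. Silently skipping the store when the buffer is short matches the truncation behaviour POSIX specifies for getpeername, so no error return is needed for that case.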
------- End of forwarded message -------
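The length check the thread is about, as an added example that is not glibc's or the Hurd's code: a stand-alone model of the last step of getpeername(), with the assumed names fill_peer_address, sample_peer and demo_*, and a constructed sample peer address of 127.0.0.1:8080. It goes a little beyond the patch above: the length pointer is validated before it is dereferenced, the copy is bounded by the caller's buffer, sa_family is stored only when the buffer spans that member, and the full size is reported back so a caller can detect truncation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* fill_peer_address (assumed name) models the final step of getpeername():
   the peer address from the socket server (peer, peerlen) is copied into the
   caller's buffer and tagged with the family.  0 on success, else -1/errno. */
static int
fill_peer_address (struct sockaddr *addr, socklen_t *len, int family,
                   const void *peer, socklen_t peerlen)
{
  /* Validate the pointers before anything is dereferenced: this is the
     getpeername (fd, NULL, NULL) call from the report. */
  if (len == NULL || (addr == NULL && *len != 0))
    {
      errno = EFAULT;
      return -1;
    }
  socklen_t avail = *len;
  socklen_t ncopy = peerlen < avail ? peerlen : avail;
  /* Never copy more than the caller's buffer can hold. */
  if (ncopy > 0)
    memcpy (addr, peer, ncopy);
  /* Store sa_family only when the buffer actually spans that member. */
  if (offsetof (struct sockaddr, sa_family) + sizeof (sa_family_t) <= avail)
    addr->sa_family = (sa_family_t) family;
  /* Report the untruncated size, as POSIX specifies for getpeername(). */
  *len = peerlen;
  return 0;
}

/* Constructed sample peer address: 127.0.0.1:8080. */
static struct sockaddr_in
sample_peer (void)
{
  struct sockaddr_in in;
  memset (&in, 0, sizeof in);
  in.sin_family = AF_INET;
  in.sin_port = htons (8080);
  in.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
  return in;
}

/* The crashing call from the report: both pointers NULL.  Expect -1. */
int
demo_null_len (void)
{
  struct sockaddr_in peer = sample_peer ();
  return fill_peer_address (NULL, NULL, AF_INET, &peer, sizeof peer);
}

/* A size probe: NULL buffer with *len == 0.  Expect the full address size. */
int
demo_probe_size (void)
{
  struct sockaddr_in peer = sample_peer ();
  socklen_t len = 0;
  if (fill_peer_address (NULL, &len, AF_INET, &peer, sizeof peer) != 0)
    return -1;
  return (int) len;
}

/* A one-byte buffer: sa_family must not be stored past its end.  The sentinel
   byte after the buffer stays intact and the full size is still reported. */
int
demo_short_buffer (void)
{
  struct sockaddr_in peer = sample_peer ();
  union { struct sockaddr sa; unsigned char b[2]; } u = { .b = { 0xAA, 0xAA } };
  socklen_t len = 1;
  if (fill_peer_address (&u.sa, &len, AF_INET, &peer, sizeof peer) != 0)
    return -1;
  return u.b[1] == 0xAA && len == sizeof peer;
}

/* A full-size buffer: family and port arrive intact.  Expect 1. */
int
demo_full_buffer (void)
{
  struct sockaddr_in peer = sample_peer (), out = { 0 };
  socklen_t len = sizeof out;
  if (fill_peer_address ((struct sockaddr *) &out, &len, AF_INET,
                         &peer, sizeof peer) != 0)
    return -1;
  return out.sin_family == AF_INET && ntohs (out.sin_port) == 8080
         && len == sizeof out;
}

int main (void)
{
  printf ("null: %d probe: %d short: %d full: %d\n", demo_null_len (),
          demo_probe_size (), demo_short_buffer (), demo_full_buffer ());
  return 0;
}
```

Build with `cc -std=gnu11 -Wall example.c` and run it; the probe case reports sizeof (struct sockaddr_in) without touching memory, which is the behaviour a caller using getpeername only to test "is this fd a socket?" relies on.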