[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
getpeername(fd,NULL,NULL) crashes
From: |
Samuel Thibault |
Subject: |
getpeername(fd,NULL,NULL) crashes |
Date: |
Thu, 11 Aug 2005 01:42:41 +0200 |
User-agent: |
Mutt/1.5.9i-nntp |
Hi,
The implementation of getpeername(fd, addr, len) (in
libc/sysdeps/mach/hurd/getpeername.c) performs addr->sa_family = type;
without checking that *len is big enough, so that getpeername(fd, NULL,
NULL); crashes (while it is a common way to determine whether an fd is a
socket).
Here is some patch:
2005-08-11 Samuel Thibault <samuel.thibault@ens-lyon.org>
* sysdeps/mach/hurd/getpeername.c (__getpeername): Check length
of buffer before writing the sa_family member.
Index: sysdeps/mach/hurd/getpeername.c
===================================================================
RCS file: /cvs/glibc/libc/sysdeps/mach/hurd/getpeername.c,v
retrieving revision 1.11
diff -u -p -r1.11 getpeername.c
--- sysdeps/mach/hurd/getpeername.c 6 Jul 2001 04:55:57 -0000 1.11
+++ sysdeps/mach/hurd/getpeername.c 10 Aug 2005 23:36:00 -0000
@@ -54,7 +54,8 @@ __getpeername (int fd, __SOCKADDR_ARG ad
__vm_deallocate (__mach_task_self (), (vm_address_t) buf, buflen);
}
- addr->sa_family = type;
+ if (offsetof (typeof (addr->sa_family), sa_family) + sizeof
(addr->sa_family) >= *len)
+ addr->sa_family = type;
return 0;
}
- getpeername(fd,NULL,NULL) crashes,
Samuel Thibault <=