File 0018-buffer-size-check-in-localConnectServer.patch of Package sblim-sfcb

From 47618054258fc564b86d30212fddd8e459bbabc0 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 22 Oct 2008 15:32:44 +0200
Subject: [PATCH] buffer size check in localConnectServer

---
 msgqueue.c |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/msgqueue.c b/msgqueue.c
index ed2e055..c608dd8 100644
--- a/msgqueue.c
+++ b/msgqueue.c
@@ -682,6 +682,7 @@ void localConnectServer()
    
    listen(ssocket,1);
    
+   mlogf(M_INFO,M_SHOW,"--- localConnectServer listening on %d\n", ssocket);
    do {
      // sfcbSockets.send;
       cl=sizeof(clientAddr);
@@ -703,10 +704,14 @@ void localConnectServer()
       }
       
       read(nsocket, &msg.size, sizeof(msg.size));
+      if (msg.size > sizeof(struct _msg) - offsetof(struct _msg, oper)) {
+	mlogf(M_INFO,M_SHOW,"--- localConnectServer buffer overflow %d > %d\n", msg.size, sizeof(struct _msg) - offsetof(struct _msg, oper));
+	abort();
+      }
       read(nsocket, &msg.oper, msg.size);
       
       if (msg.size!=0) {
-         sprintf(cMsg,"--- Local Client connect - pid: %d user: %s\n",msg.pid,msg.id);
+         snprintf(cMsg,264,"--- Local Client connect - pid: %d user: %s\n",msg.pid,msg.id);
          mlogf(M_INFO,M_SHOW,cMsg);
          spSendCtlResult(&nsocket, &sfcbSockets.send, MSG_X_LOCAL, 0, 0, 0);
       }
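Review bot: The new bounds check calls `abort()` when `msg.size` is too large, so any local client that connects and sends an oversized length terminates the whole server process; closing `nsocket` and going on to the next connection would reject that client without taking the service down. Both `read()` calls remain unchecked, so after a failed or short read the check runs on a partly set `msg.size`, and `msg.id` can reach `%s` in the `snprintf` without a guaranteed terminator. The context line `mlogf(M_INFO,M_SHOW,cMsg)` passes text that contains the client-supplied `msg.id` as the format string and should read `mlogf(M_INFO,M_SHOW,"%s",cMsg);`. In the added log line the second value is a `size_t` expression printed with `%d` (use `%zu`), and the literal `264` presumably mirrors the declaration of `cMsg`, which is outside the hunk; `sizeof(cMsg)` would keep the two in step if it is an array. The body of localConnectServer starts and ends outside this hunk.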
-- 
1.6.0.2
