Google
  Web www.spinics.net

Re: array overflow in local.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Robert Schuster wrote:

> gcc found a problem in our native/jni/javanet/local.c.
> 
> I changed it to what I think makes sense but I am not sure whether this
> is still the intended behavior.
> 
> Furthermore since overrunning the bounds of a stack allocated array may
> trash other stuff on the stack I wonder whether this fix also prevents
> the problem that the workaround above the modified code speaks of. Since
> I do not run Darwin-based OS I cannot test it myself.

That may well be right.

IMO it should be more like

Index: local.c
===================================================================
RCS file: /cvsroot/classpath/classpath/native/jni/java-net/local.c,v
retrieving revision 1.4
diff -u -r1.4 local.c
--- local.c	17 Apr 2007 21:46:27 -0000	1.4
+++ local.c	27 Jun 2008 10:21:12 -0000
@@ -86,14 +86,13 @@
   if (gcc_sucks)
     fprintf (stderr, "bind %p\n", addr);

-  if (strlen (addr) > sizeof (saddr.sun_path))
+  if (strlen (addr) >= sizeof (saddr.sun_path))
     {
       errno = ENAMETOOLONG;
       return -1;
     }

-  strncpy (saddr.sun_path, addr, sizeof (saddr.sun_path));
-  saddr.sun_path[sizeof (saddr.sun_path)] = '\0';
+  strcpy (saddr.sun_path, addr);
   saddr.sun_family = AF_LOCAL;

   return bind (fd, (struct sockaddr *) &saddr, SUN_LEN (&saddr));


[Linux Kernel]     [Linux Cryptography]     [Fedora]     [Fedora Directory]     [Red Hat Development]

  Powered by Linux