Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

Gerhard Rieger 2014-01-25 10:35:21 +01:00
parent 04ad6d5275
commit dfdeaa4836
2 changed files with 5 additions and 2 deletions


@ -30,6 +30,8 @@ corrections:
On big endian platforms with type long >32bit the range option applied a On big endian platforms with type long >32bit the range option applied a
bad base address. Thanks to hejia hejia for reporting and fixing this bug. bad base address. Thanks to hejia hejia for reporting and fixing this bug.
Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022063: out-of-range shifts on net mask bits
Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()


@ -1796,7 +1796,7 @@ int xiocheckpeer(xiosingle_t *xfd,
returns a sequence of \0 terminated name strings in *nambuff returns a sequence of \0 terminated name strings in *nambuff
returns a sequence of \0 terminated value strings in *valbuff returns a sequence of \0 terminated value strings in *valbuff
the respective len parameters specify the available space in the buffers the respective len parameters specify the available space in the buffers
returns STAT_OK returns STAT_OK or other STAT_*
*/ */
static int static int
xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num,
@ -1843,7 +1843,8 @@ xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num,
cmsgname = "timestamp"; cmsgname = "timestamp";
cmsgenvn = "TIMESTAMP"; cmsgenvn = "TIMESTAMP";
{ time_t t = tv->tv_sec; ctime_r(&t, valbuff); } { time_t t = tv->tv_sec; ctime_r(&t, valbuff); }
sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec); //sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec);
snprintf(strchr(valbuff, '\0')-1/*del \n*/, vallen-strlen(valbuff)+1, ", %06ld usecs", (long)tv->tv_usec);
break; break;
#endif /* defined(SO_TIMESTAMP) */ #endif /* defined(SO_TIMESTAMP) */
; ;
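Review bot: The `ctime_r(&t, valbuff)` call directly above the new `snprintf` is still unbounded. It writes its full 26-byte result into valbuff before vallen is consulted, so the size argument `vallen-strlen(valbuff)+1` is only meaningful if that write already fit; with a smaller vallen the subtraction can wrap to a very large size, depending on vallen's type, which is not visible here. ctime_r can also return NULL, in which case `strchr(valbuff, '\0')-1` is computed on whatever valbuff held before. Formatting into a local buffer first bounds both writes, e.g. `char tbuf[32]; if (ctime_r(&t, tbuf) == NULL) tbuf[0] = '\0';` followed by `snprintf(valbuff, vallen, "%.24s, %06ld usecs", tbuf, (long)tv->tv_usec);`. The commented-out `sprintf` line should be deleted rather than kept, and truncation remains silent even though the header comment now says "STAT_OK or other STAT_*"; the function body continues outside both hunks.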