diff --git a/CHANGES b/CHANGES index ada0ea0..3f4d745 100644 --- a/CHANGES +++ b/CHANGES @@ -26,6 +26,8 @@ corrections: On big endian platforms with type long >32bit the range option applied a bad base address. Thanks to hejia hejia for reporting and fixing this bug. + Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() + Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() diff --git a/xio-socket.c b/xio-socket.c index 527cecc..2f7d132 100644 --- a/xio-socket.c +++ b/xio-socket.c @@ -1876,7 +1876,7 @@ int xiocheckpeer(xiosingle_t *xfd, returns a sequence of \0 terminated name strings in *nambuff returns a sequence of \0 terminated value strings in *valbuff the respective len parameters specify the available space in the buffers - returns STAT_OK + returns STAT_OK or other STAT_* */ static int xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, @@ -1923,7 +1923,7 @@ xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, cmsgname = "timestamp"; cmsgenvn = "TIMESTAMP"; { time_t t = tv->tv_sec; ctime_r(&t, valbuff); } - sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec); + snprintf(strchr(valbuff, '\0')-1/*del \n*/, vallen-strlen(valbuff)+1, ", %06ld usecs", (long)tv->tv_usec); break; #endif /* defined(SO_TIMESTAMP) */ ;