Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

This commit is contained in:
Gerhard Rieger 2014-03-26 13:15:00 +01:00
parent 81818eda56
commit fe0aed5156
2 changed files with 4 additions and 2 deletions

View file

@ -26,6 +26,8 @@ corrections:
On big endian platforms with type long >32bit the range option applied a On big endian platforms with type long >32bit the range option applied a
bad base address. Thanks to hejia hejia for reporting and fixing this bug. bad base address. Thanks to hejia hejia for reporting and fixing this bug.
Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022063: out-of-range shifts on net mask bits
Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

View file

@ -1876,7 +1876,7 @@ int xiocheckpeer(xiosingle_t *xfd,
returns a sequence of \0 terminated name strings in *nambuff returns a sequence of \0 terminated name strings in *nambuff
returns a sequence of \0 terminated value strings in *valbuff returns a sequence of \0 terminated value strings in *valbuff
the respective len parameters specify the available space in the buffers the respective len parameters specify the available space in the buffers
returns STAT_OK returns STAT_OK or other STAT_*
*/ */
static int static int
xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num,
@ -1923,7 +1923,7 @@ xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num,
cmsgname = "timestamp"; cmsgname = "timestamp";
cmsgenvn = "TIMESTAMP"; cmsgenvn = "TIMESTAMP";
{ time_t t = tv->tv_sec; ctime_r(&t, valbuff); } { time_t t = tv->tv_sec; ctime_r(&t, valbuff); }
sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec); snprintf(strchr(valbuff, '\0')-1/*del \n*/, vallen-strlen(valbuff)+1, ", %06ld usecs", (long)tv->tv_usec);
break; break;
#endif /* defined(SO_TIMESTAMP) */ #endif /* defined(SO_TIMESTAMP) */
; ;