From dfdeaa483663904399b279b21fd91556e77f79e0 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sat, 25 Jan 2014 10:35:21 +0100 Subject: [PATCH] Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() --- CHANGES | 2 ++ xio-socket.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index fde88c3..efa4471 100644 --- a/CHANGES +++ b/CHANGES @@ -30,6 +30,8 @@ corrections: On big endian platforms with type long >32bit the range option applied a bad base address. Thanks to hejia hejia for reporting and fixing this bug. + Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() + Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() diff --git a/xio-socket.c b/xio-socket.c index 3567555..8988aed 100644 --- a/xio-socket.c +++ b/xio-socket.c @@ -1796,7 +1796,7 @@ int xiocheckpeer(xiosingle_t *xfd, returns a sequence of \0 terminated name strings in *nambuff returns a sequence of \0 terminated value strings in *valbuff the respective len parameters specify the available space in the buffers - returns STAT_OK + returns STAT_OK or other STAT_* */ static int xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, @@ -1843,7 +1843,8 @@ xiolog_ancillary_socket(struct cmsghdr *cmsg, int *num, cmsgname = "timestamp"; cmsgenvn = "TIMESTAMP"; { time_t t = tv->tv_sec; ctime_r(&t, valbuff); } - sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec); + //sprintf(strchr(valbuff, '\0')-1/*del \n*/, ", %06ld usecs", (long)tv->tv_usec); + snprintf(strchr(valbuff, '\0')-1/*del \n*/, vallen-strlen(valbuff)+1, ", %06ld usecs", (long)tv->tv_usec); break; #endif /* defined(SO_TIMESTAMP) */ ;