This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
pespin gerrit-no-reply at lists.osmocom.orgpespin has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/19885 ) Change subject: socket: Fix stack-buffer-overflow in osmo_sock_local_ip() ...................................................................... socket: Fix stack-buffer-overflow in osmo_sock_local_ip() On IPv6 sockets, getsockname() and inet_ntop() would act upon a structure struct sockaddr_in. First getsockname() would succeed but truncate the address, and later on inet_ntop would read out of the scope of the structure. Change-Id: If781d56680758a97643b1b38e78d3431ea649020 --- M src/socket.c 1 file changed, 17 insertions(+), 6 deletions(-) Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified diff --git a/src/socket.c b/src/socket.c index 62a5846..df37ab8 100644 --- a/src/socket.c +++ b/src/socket.c @@ -1413,7 +1413,9 @@ int rc; struct addrinfo addrinfo_hint; struct addrinfo *addrinfo = NULL; - struct sockaddr_in local_addr; + struct sockaddr_storage local_addr; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; socklen_t local_addr_len; uint16_t family; @@ -1442,12 +1444,21 @@ close(sfd); if (rc < 0) return -EINVAL; - if (local_addr.sin_family == AF_INET) - inet_ntop(AF_INET, &local_addr.sin_addr, local_ip, INET_ADDRSTRLEN); - else if (local_addr.sin_family == AF_INET6) - inet_ntop(AF_INET6, &local_addr.sin_addr, local_ip, INET6_ADDRSTRLEN); - else + + switch (local_addr.ss_family) { + case AF_INET: + sin = (struct sockaddr_in*)&local_addr; + if (!inet_ntop(AF_INET, &sin->sin_addr, local_ip, INET_ADDRSTRLEN)) + return -EINVAL; + break; + case AF_INET6: + sin6 = (struct sockaddr_in6*)&local_addr; + if (!inet_ntop(AF_INET6, &sin6->sin6_addr, local_ip, INET_ADDRSTRLEN)) + return -EINVAL; + break; + default: return -EINVAL; + } return 0; } -- To view, visit https://gerrit.osmocom.org/c/libosmocore/+/19885 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: libosmocore Gerrit-Branch: master Gerrit-Change-Id: If781d56680758a97643b1b38e78d3431ea649020 Gerrit-Change-Number: 19885 Gerrit-PatchSet: 2 Gerrit-Owner: pespin <pespin at sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge at osmocom.org> Gerrit-Reviewer: pespin <pespin at sysmocom.de> Gerrit-MessageType: merged -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200831/896c429a/attachment.htm>