Change in libosmocore[master]: socket: Fix stack-buffer-overflow in osmo_sock_local_ip()

pespin gerrit-no-reply at lists.osmocom.org
Mon Aug 31 08:50:44 UTC 2020


pespin has submitted this change. ( https://gerrit.osmocom.org/c/libosmocore/+/19885 )

Change subject: socket: Fix stack-buffer-overflow in osmo_sock_local_ip()
......................................................................

socket: Fix stack-buffer-overflow in osmo_sock_local_ip()

On IPv6 sockets, getsockname() and inet_ntop() would act upon a
structure struct sockaddr_in.

First getsockname() would succeed but truncate the address, and later on
inet_ntop would read out of the scope of the structure.

Change-Id: If781d56680758a97643b1b38e78d3431ea649020
---
M src/socket.c
1 file changed, 17 insertions(+), 6 deletions(-)

Approvals:
  laforge: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/socket.c b/src/socket.c
index 62a5846..df37ab8 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -1413,7 +1413,9 @@
 	int rc;
 	struct addrinfo addrinfo_hint;
 	struct addrinfo *addrinfo = NULL;
-	struct sockaddr_in local_addr;
+	struct sockaddr_storage local_addr;
+	struct sockaddr_in *sin;
+	struct sockaddr_in6 *sin6;
 	socklen_t local_addr_len;
 	uint16_t family;
 
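Review bot: local_addr_len is declared directly under the new struct sockaddr_storage local_addr, but neither hunk shows where it is assigned, so please confirm it is set to sizeof(local_addr) right before the getsockname() call. If it still holds a fixed sizeof(struct sockaddr_in), getsockname() keeps truncating IPv6 addresses and the later switch on ss_family formats a partially filled structure. Minor style point: sin and sin6 are each used in a single case, so they could be declared in that narrower scope instead of at function level.
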
@@ -1442,12 +1444,21 @@
 	close(sfd);
 	if (rc < 0)
 		return -EINVAL;
-	if (local_addr.sin_family == AF_INET)
-		inet_ntop(AF_INET, &local_addr.sin_addr, local_ip, INET_ADDRSTRLEN);
-	else if (local_addr.sin_family == AF_INET6)
-		inet_ntop(AF_INET6, &local_addr.sin_addr, local_ip, INET6_ADDRSTRLEN);
-	else
+
+	switch (local_addr.ss_family) {
+	case AF_INET:
+		sin = (struct sockaddr_in*)&local_addr;
+		if (!inet_ntop(AF_INET, &sin->sin_addr, local_ip, INET_ADDRSTRLEN))
+			return -EINVAL;
+		break;
+	case AF_INET6:
+		sin6 = (struct sockaddr_in6*)&local_addr;
+		if (!inet_ntop(AF_INET6, &sin6->sin6_addr, local_ip, INET_ADDRSTRLEN))
+			return -EINVAL;
+		break;
+	default:
 		return -EINVAL;
+	}
 
 	return 0;
 }
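
Review bot: in the AF_INET6 case the size passed to inet_ntop() is INET_ADDRSTRLEN, where the removed line used INET6_ADDRSTRLEN. With the smaller size, an IPv6 address whose text form does not fit makes inet_ntop() return NULL, and with the new check the function then returns -EINVAL for an otherwise valid local address. Suggest changing that call to inet_ntop(AF_INET6, &sin6->sin6_addr, local_ip, INET6_ADDRSTRLEN). Because the sizes used here are constants rather than a caller-supplied length, the function's documentation should also state that local_ip must be at least INET6_ADDRSTRLEN bytes.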

-- 
To view, visit https://gerrit.osmocom.org/c/libosmocore/+/19885
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: If781d56680758a97643b1b38e78d3431ea649020
Gerrit-Change-Number: 19885
Gerrit-PatchSet: 2
Gerrit-Owner: pespin <pespin at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged