authorAlan Coopersmith <alan.coopersmith@oracle.com>2022-04-10 11:14:50 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2022-04-10 20:02:51 +0000
commit00e0b3ae11bb1d4681b0206c341f57fc46ea98b1 (patch)
tree252384f44e3d29ee556f748dc2a18dfd7c6feb85
parentc7daccd105a74fe97adb2c8e2842e3b19d5dd34c (diff)
GetChooserAddr(): verify socket address fit in provided buffer
Should never happen, but makes Oracle Parfait stop warning: Error: Buffer overrun Read Outside Array Bounds in STD C function [read-outside-array-bounds-call-stdc]: Read outside array bounds in call to memmove. Buffer ((int8*)&in_addr) of size 256 is read at an offset of len Array size is 256 bytes, index <= 1024 at line 130 of xdm/socket.c in function 'GetChooserAddr'. called at line 197 of xdm/choose.c in function 'FormatChooserArgument' with lenp = &addr_len. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--xdm/socket.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/xdm/socket.c b/xdm/socket.c
index 251697e..5131d18 100644
--- a/xdm/socket.c
+++ b/xdm/socket.c
@@ -116,6 +116,8 @@ GetChooserAddr (
return -1; /* TODO check other listening sockets */
if (getsockname (chooserFd, (struct sockaddr *)&in_addr, (void *)&len) < 0)
return -1;
+ if (len > sizeof in_addr)
+ return -1;
# if defined(IPv6) && defined(AF_INET6)
if (((struct sockaddr *)&in_addr)->sa_family == AF_INET6)
Debug ("Chooser socket port: %d (IPv6)\n",
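Review bot: The new guard `if (len > sizeof in_addr)` compares `len` against a `size_t`, but `len` is declared outside the hunk and the `(void *)&len` cast on the getsockname() call suggests it is not a `socklen_t`. If it is a signed `int`, a negative value is rejected only through the implicit conversion to unsigned; that fails in the safe direction, but it would be clearer written out as `if (len < 0 || (size_t)len > sizeof in_addr)`, or by declaring `len` as `socklen_t` and dropping the cast. A short comment would also record that the check is not only there for the analyzer: `/* getsockname() truncates the stored address and reports the full length when the buffer is too small */`. The memmove named in the commit message is further down in GetChooserAddr, outside this hunk, so the placement of the guard ahead of it cannot be confirmed from here.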