author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2022-04-10 11:14:50 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2022-04-10 20:02:51 +0000 |
commit | 00e0b3ae11bb1d4681b0206c341f57fc46ea98b1 (patch) | |
tree | 252384f44e3d29ee556f748dc2a18dfd7c6feb85 | |
parent | c7daccd105a74fe97adb2c8e2842e3b19d5dd34c (diff) |
GetChooserAddr(): verify socket address fit in provided buffer
Should never happen, but makes Oracle Parfait stop warning:
Error: Buffer overrun
Read Outside Array Bounds in STD C function [read-outside-array-bounds-call-stdc]:
Read outside array bounds in call to memmove. Buffer ((int8*)&in_addr) of size 256 is read at an offset of len
Array size is 256 bytes, index <= 1024
at line 130 of xdm/socket.c in function 'GetChooserAddr'.
called at line 197 of xdm/choose.c in function 'FormatChooserArgument' with lenp = &addr_len.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | xdm/socket.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/xdm/socket.c b/xdm/socket.c index 251697e..5131d18 100644 --- a/xdm/socket.c +++ b/xdm/socket.c @@ -116,6 +116,8 @@ GetChooserAddr ( return -1; /* TODO check other listening sockets */ if (getsockname (chooserFd, (struct sockaddr *)&in_addr, (void *)&len) < 0) return -1; + if (len > sizeof in_addr) + return -1; # if defined(IPv6) && defined(AF_INET6) if (((struct sockaddr *)&in_addr)->sa_family == AF_INET6) Debug ("Chooser socket port: %d (IPv6)\n", |
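Review bot: The new `if (len > sizeof in_addr)` check after getsockname() fails silently and carries no comment saying why it exists. The commit message calls this a should-never-happen case, so a one-line comment plus a Debug() call before `return -1;` (Debug() is already used a few lines below) would make a hit diagnosable instead of looking like an ordinary getsockname() failure. Two further things to confirm outside the visible lines: the check is only meaningful relative to the value len held going into getsockname(), so len should be initialised to `sizeof in_addr` before the call; and because len is passed through a `(void *)` cast, its declared type is hidden here. If it is a signed int, the comparison against `sizeof` is done as unsigned, which happens to reject negative values too, but declaring it socklen_t would let the cast go and make the comparison unambiguous.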