The Samba-Bugzilla – Attachment 12165 Details for
Bug 11955
lib: msghdr_copy() passes an invalid pointer to msghdr_prep_fds()
[patch]
Proposed fix for master.
0001-lib-Fix-uninitialized-read-in-msghdr_copy.patch (text/plain), 1.13 KB, created by
Jeremy Allison
on 2016-06-07 20:32:04 UTC
>From 9cadfb54a6899b7d704be7a022b95a3bec31c43f Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Mon, 12 Jan 2015 17:47:19 +0100 >Subject: [PATCH] lib: Fix uninitialized read in msghdr_copy > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Amitay Isaacs <amitay@gmail.com> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > lib/util/msghdr.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > >diff --git a/lib/util/msghdr.c b/lib/util/msghdr.c >index 1aeadfc..a0bb98c 100644 >--- a/lib/util/msghdr.c >+++ b/lib/util/msghdr.c >@@ -204,7 +204,21 @@ ssize_t msghdr_copy(struct msghdr_buf *msg, size_t msgsize, > bufsize = (msgsize > offsetof(struct msghdr_buf, buf)) ? > msgsize - offsetof(struct msghdr_buf, buf) : 0; > >- fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds); >+ if (msg != NULL) { >+ msg->msg = (struct msghdr) {}; >+ >+ fd_len = msghdr_prep_fds(&msg->msg, >+ msg->buf, >+ bufsize, >+ fds, >+ num_fds); >+ } else { >+ fd_len = msghdr_prep_fds(NULL, >+ NULL, >+ bufsize, >+ fds, >+ num_fds); >+ } > > if (fd_len == -1) { > return -1; >-- >2.8.0.rc3.226.g39d4020 >
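Review bot: In the new else branch, bufsize is still the value derived from msgsize above the if, so a caller that passes msg == NULL with a msgsize larger than offsetof(struct msghdr_buf, buf) hands msghdr_prep_fds() a NULL buffer together with a nonzero length. Either force bufsize to 0 when msg is NULL, or add a comment stating that msghdr_prep_fds() treats a NULL msg/buf as a pure length query and never dereferences buf in that case. The two calls differ only in their first two arguments, so computing those into locals and calling msghdr_prep_fds() once would avoid the branches drifting apart later. The clearing line "msg->msg = (struct msghdr) {};" uses an empty initializer, which is a compiler extension before C23; "{ 0 }" is the portable spelling. The commit message has only a subject: it should say which field was read uninitialized and that the NULL case previously formed &msg->msg and msg->buf from a NULL msg, since the subject mentions only the uninitialized read while the hunk also changes NULL handling.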