diff options
author | Alan Somers <asomers@gmail.com> | 2022-07-14 11:10:06 -0600 |
---|---|---|
committer | Alan Somers <asomers@gmail.com> | 2022-07-14 11:37:56 -0600 |
commit | e0e768e7b92a33ed040c7f0438f860c522f2ef6f (patch) | |
tree | 3339316f3798fab7816014e93830ed43aa7fb577 /src/sys/socket | |
parent | e5f354cf58ac8aa80b2812a9d84d6854ecafb405 (diff) | |
download | nix-e0e768e7b92a33ed040c7f0438f860c522f2ef6f.zip |
Fix a buffer overflow in sys::socket::recvfrom
IPv4 and stream sockets are unaffected, but for datagram sockets of
other address types libc::recvfrom might overwrite part of the stack.
Fixes #1762
Diffstat (limited to 'src/sys/socket')
-rw-r--r-- | src/sys/socket/mod.rs | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/sys/socket/mod.rs b/src/sys/socket/mod.rs index 6386e62b..00b2ca70 100644 --- a/src/sys/socket/mod.rs +++ b/src/sys/socket/mod.rs @@ -1912,8 +1912,8 @@ pub fn recvfrom<T:SockaddrLike>(sockfd: RawFd, buf: &mut [u8]) -> Result<(usize, Option<T>)> { unsafe { - let mut addr = mem::MaybeUninit::uninit(); - let mut len = mem::size_of::<T>() as socklen_t; + let mut addr = mem::MaybeUninit::<T>::uninit(); + let mut len = mem::size_of_val(&addr) as socklen_t; let ret = Errno::result(libc::recvfrom( sockfd, @@ -1923,7 +1923,10 @@ pub fn recvfrom<T:SockaddrLike>(sockfd: RawFd, buf: &mut [u8]) addr.as_mut_ptr() as *mut libc::sockaddr, &mut len as *mut socklen_t))? as usize; - Ok((ret, T::from_raw(&addr.assume_init(), Some(len)))) + Ok((ret, T::from_raw( + addr.assume_init().as_ptr() as *const libc::sockaddr, + Some(len)) + )) } } |