authorAlan Somers <asomers@gmail.com>2022-07-14 11:10:06 -0600
committerAlan Somers <asomers@gmail.com>2022-07-14 11:37:56 -0600
commite0e768e7b92a33ed040c7f0438f860c522f2ef6f (patch)
tree3339316f3798fab7816014e93830ed43aa7fb577 /src/sys/socket
parente5f354cf58ac8aa80b2812a9d84d6854ecafb405 (diff)
Fix a buffer overflow in sys::socket::recvfrom
IPv4 and stream sockets are unaffected, but for datagram sockets of other address types libc::recvfrom might overwrite part of the stack. Fixes #1762
Diffstat (limited to 'src/sys/socket')
-rw-r--r--src/sys/socket/mod.rs9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/sys/socket/mod.rs b/src/sys/socket/mod.rs
index 6386e62b..00b2ca70 100644
--- a/src/sys/socket/mod.rs
+++ b/src/sys/socket/mod.rs
@@ -1912,8 +1912,8 @@ pub fn recvfrom<T:SockaddrLike>(sockfd: RawFd, buf: &mut [u8])
-> Result<(usize, Option<T>)>
{
unsafe {
- let mut addr = mem::MaybeUninit::uninit();
- let mut len = mem::size_of::<T>() as socklen_t;
+ let mut addr = mem::MaybeUninit::<T>::uninit();
+ let mut len = mem::size_of_val(&addr) as socklen_t;
let ret = Errno::result(libc::recvfrom(
sockfd,
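Review bot: `addr` still starts out as `MaybeUninit::<T>::uninit()`, while the second hunk calls `addr.assume_init()` unconditionally, so any bytes the kernel did not write are read as an initialised `T`. That covers short addresses and, presumably, the no-address case that the `Option<T>` return exists for. Starting from `let mut addr = mem::MaybeUninit::<T>::zeroed();` keeps those bytes defined, assuming all-zero is a valid bit pattern for every `SockaddrLike` type. The `unsafe` block would also benefit from a comment stating the invariant this fix restores, e.g. `// SAFETY: len is exactly the size of addr's storage, so recvfrom cannot write past it`. The body of recvfrom continues past this hunk.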
@@ -1923,7 +1923,10 @@ pub fn recvfrom<T:SockaddrLike>(sockfd: RawFd, buf: &mut [u8])
addr.as_mut_ptr() as *mut libc::sockaddr,
&mut len as *mut socklen_t))? as usize;
- Ok((ret, T::from_raw(&addr.assume_init(), Some(len))))
+ Ok((ret, T::from_raw(
+ addr.assume_init().as_ptr() as *const libc::sockaddr,
+ Some(len))
+ ))
}
}
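Review bot: The `len` handed to `T::from_raw` as `Some(len)` is the value the kernel wrote back, and for a truncated source address recvfrom reports the full address length, which can be larger than the `size_of_val(&addr)` that was passed in. Whether each `from_raw` implementation bounds its reads by `size_of::<T>()` is not visible here, so the caller should not forward an oversized length. A clamp before the `Ok`, `let len = len.min(mem::size_of::<T>() as socklen_t);`, or returning `None` for the address when `len` exceeds the buffer, would stop a later read past the end of `addr`. The start of the function and the remaining `libc::recvfrom` arguments are outside this hunk.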