#136 Buffer overflow in openslp-1.2.1, patch

v1.2.2
open
5
2017-04-07
2012-01-29
Anonymous
No

From https://bugs.gentoo.org/show_bug.cgi?id=329039

Problem:

if x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../common
-I../libslpattr -I. -I../libslp -DETCDIR=\"/etc\" -DVARDIR=\"/var\"
-DCPPFLAGS_TEST -DNDEBUG -D_REENTRANT=1 -O2 -march=k8 -pipe -g
-Wimplicit-function-declaration -DLINUX -Wall -O3 -MT slpd_socket.o -MD -MP -MF
".deps/slpd_socket.Tpo" -c -o slpd_socket.o slpd_socket.c; \
then mv -f ".deps/slpd_socket.Tpo" ".deps/slpd_socket.Po"; else rm -f
".deps/slpd_socket.Tpo"; exit 1; fi
In file included from /usr/include/string.h:640:0,
from slpd_unistd.h:56,
from slpd.h:62,
from slpd_socket.h:53,
from slpd_socket.c:53:
In function ‘memcpy’,
inlined from ‘DropSLPMulticastGroup’ at slpd_socket.c:186:11:
/usr/include/bits/string3.h:52:3: warning: call to __builtin___memcpy_chk will
always overflow destination buffer

Solution:

memcpy should copy sizeof(struct in_addr) not sizeof(addr)

sizeof(addr) will return the size of a pointer, not the size of struct
in_addr, the item being copied.
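
The size mismatch described in the report, as an added example that is not code from openslp or from the reporter. The function names, the guarded_dst layout and GUARD_WORD are hypothetical; the only things taken from the report are a pointer parameter named addr and a struct in_addr being copied.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>

#define GUARD_WORD 0xA5A5A5A5u

/* Hypothetical layout: a struct in_addr destination followed by guard
 * words standing in for whatever sits after the real destination. */
struct guarded_dst { struct in_addr dst; uint32_t guard[2]; };

/* Length the flawed call passes: addr is a pointer, so this is the
 * pointer size, not the size of the struct in_addr it points to. */
size_t flawed_len(const struct in_addr *addr) { return sizeof(addr); }

/* Bytes that length would write past a struct in_addr destination. */
size_t overrun_bytes(const struct in_addr *addr)
{
    size_t n = flawed_len(addr);
    return n > sizeof(struct in_addr) ? n - sizeof(struct in_addr) : 0;
}

/* Corrected copy: the length comes from the destination object. */
int copy_in_addr(struct in_addr *dst, const struct in_addr *addr)
{
    if (dst == NULL || addr == NULL)
        return -1;
    memcpy(dst, addr, sizeof(*dst));
    return 0;
}

/* Runs the corrected copy next to the guard words; returns 1 if the
 * address arrived intact and the guards are untouched, 0 otherwise. */
int fixed_copy_keeps_guard(uint32_t value)
{
    struct guarded_dst g = { {0}, { GUARD_WORD, GUARD_WORD } };
    struct in_addr src = { value };
    if (copy_in_addr(&g.dst, &src) != 0)
        return 0;
    return g.dst.s_addr == value &&
           g.guard[0] == GUARD_WORD && g.guard[1] == GUARD_WORD;
}

int main(void)
{
    struct in_addr a = { 0 };
    printf("flawed=%zu correct=%zu overrun=%zu guard_ok=%d\n", flawed_len(&a),
           sizeof(struct in_addr), overrun_bytes(&a), fixed_copy_keeps_guard(1));
    return 0;
}
```

GCC and Clang also report this pattern at compile time with -Wsizeof-pointer-memaccess, independently of the fortified memcpy check that produced the warning above.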

Discussion

  • John Calcote

    John Calcote - 2017-04-07

    fixed in 2.0 code base.

     
  • John Calcote

    John Calcote - 2017-04-07
    • assigned_to: John Calcote
    • Group: --> v1.2.2
     
