[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Axiom-developer] bug in server code
From: |
Camm Maguire |
Subject: |
[Axiom-developer] bug in server code |
Date: |
Tue, 20 Oct 2015 14:56:41 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) |
Greetings!
make_server_name in sockio-c.pamphlet makes a name that can be larger
than the sa_data field of the BSD sockaddr structure and overflow the
buffer, which is only 14 bytes long. You might want to consider
sockaddr_un.
This was uncovered on ppc64 using FORTIFY_SOURCE=2. A crude
workaround is included below, but it can surely be made better.
Take care,
=============================================================================
int
make_server_name(char *name,char * base)
{
char *num;
struct sockaddr addr;
if (spad_server_number != -1) {
snprintf(name, sizeof(addr.sa_data),"%s%d", base, spad_server_number);
return 0;
}
num = getenv("SPADNUM");
if (num == NULL) {
/* fprintf(stderr,
"\n(AXIOM Sockets) The AXIOM server number is undefined.\n");
*/
return -1;
}
snprintf(name, sizeof(addr.sa_data),"%s%s", base, num);
return 0;
}
=============================================================================
--
Camm Maguire address@hidden
==========================================================================
"The earth is but one country, and mankind its citizens." -- Baha'u'llah