Re: array overflow in local.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.

Andrew Haley schrieb:
>> Furthermore since overrunning the bounds of a stack allocated array may
>> trash other stuff on the stack I wonder whether this fix also prevents
>> the problem that the workaround above the modified code speaks of. Since
>> I do not run Darwin-based OS I cannot test it myself.
> 
> That may well be right.
> 
> IMO it should be more like
OK.

Casey would you mind testing the attached patch on your Darwin platform?

Regards
Robert
Index: native/jni/java-net/local.c
===================================================================
RCS file: /sources/classpath/classpath/native/jni/java-net/local.c,v
retrieving revision 1.4
diff -u -r1.4 local.c
--- native/jni/java-net/local.c	17 Apr 2007 21:46:27 -0000	1.4
+++ native/jni/java-net/local.c	27 Jun 2008 13:14:40 -0000
@@ -73,27 +73,18 @@
   return socket (PF_UNIX, stream ? SOCK_STREAM : SOCK_DGRAM, 0);
 }
 
-static int gcc_sucks = 0;
-
 int
 local_bind (int fd, const char *addr)
 {
   struct sockaddr_un saddr;
 
-  /* For some reason, GCC 4.0.1 on Darwin/x86 MODIFIES the `addr'
-     pointer in the CALLER's STACK FRAME after calling this function,
-     but if we add this statement below, it doesn't!  */
-  if (gcc_sucks)
-    fprintf (stderr, "bind %p\n", addr);
-
-  if (strlen (addr) > sizeof (saddr.sun_path))
+  if (strlen (addr) >= sizeof (saddr.sun_path))
     {
       errno = ENAMETOOLONG;
       return -1;
     }
 
-  strncpy (saddr.sun_path, addr, sizeof (saddr.sun_path));
-  saddr.sun_path[sizeof (saddr.sun_path)] = '\0';
+  strcpy (saddr.sun_path, addr);
   saddr.sun_family = AF_LOCAL;
 
   return bind (fd, (struct sockaddr *) &saddr, SUN_LEN (&saddr));

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Kernel]     [Linux Cryptography]     [Fedora]     [Fedora Directory]     [Red Hat Development]

  Powered by Linux