From: Slavomir Kaslev <kaslevs@xxxxxxxxxx>
`trace-cmd listen` is passing a pointer to `struct sockaddr` to `accept` with `addrlen` larger than its size which may corrupt the stack. Switching it to `struct sockaddr_storage` provides enough space to store both TCP and UNIX sockets address.
Signed-off-by: Slavomir Kaslev <kaslevs@xxxxxxxxxx>
---
 tracecmd/trace-listen.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/tracecmd/trace-listen.c b/tracecmd/trace-listen.c
index c05c2d8..2f2cecc 100644
--- a/tracecmd/trace-listen.c
+++ b/tracecmd/trace-listen.c
@@ -1956,7 +1956,7 @@ static void release_fds(struct client_list *manager)
 static void do_accept_loop(int nfd, int vfd, int mfd)
 {
 struct client_list *client;
- struct sockaddr addr;
+ struct sockaddr_storage addr;
 socklen_t addrlen;
 char *domain = NULL;
 int timeout = -1;
@@ -2024,12 +2024,8 @@ static void do_accept_loop(int nfd, int vfd, int mfd)
 continue;
 if (i < FD_CONNECTED) {
- if (i == FD_NET)
- addrlen = sizeof(struct sockaddr_storage);
- else
- addrlen = sizeof(struct sockaddr_un);
-
- cfd = accept(fds[i].fd, &addr, &addrlen);
+ addrlen = sizeof(addr);
+ cfd = accept(fds[i].fd, (struct sockaddr *)&addr, &addrlen);
 printf("connected!\n");
 if (cfd < 0 && errno == EINTR)
 continue;
@@ -2106,7 +2102,9 @@ static void do_accept_loop(int nfd, int vfd, int mfd)
 }
 if (i == FD_NET)
- pid = do_connection(cfd, &addr, addrlen, NULL, 0, NET,
+ pid = do_connection(cfd,
+ (struct sockaddr *)&addr,
+ addrlen, NULL, 0, NET,
 NULL);
 else {
 pid = do_connection(cfd, NULL, 0,
--
2.17.1
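Review bot: In the second hunk, the `printf("connected!\n");` between the rewritten `accept()` call and the `cfd < 0 && errno == EINTR` test may overwrite `errno`, so an interrupted accept might not be recognised as EINTR. It also prints "connected!" when accept has failed. The commit corrects the address buffer size but keeps this ordering. The test should follow the call directly, `if (cfd < 0 && errno == EINTR) continue;`, with the `printf` moved to after `cfd` is known to be valid. The rest of do_accept_loop's error handling is outside the hunk, so how other accept failures are treated cannot be confirmed from here.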