[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Axiom-developer] bug in server code

From: Camm Maguire
Subject: [Axiom-developer] bug in server code
Date: Tue, 20 Oct 2015 14:56:41 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)


make_server_name in sockio-c.pamphlet makes a name that can be larger
than the sa_data field of the BSD sockaddr structure and overflow the
buffer, which is only 14 bytes long.  You might want to consider

This was uncovered on ppc64 using FORTIFY_SOURCE=2.  A crude
workaround is included below, but it can surely be made better.

Take care,
make_server_name(char *name,char * base)
  char *num;
  struct sockaddr addr;
  if (spad_server_number != -1) {
    snprintf(name, sizeof(addr.sa_data),"%s%d", base, spad_server_number);
    return 0;
  num = getenv("SPADNUM");
  if (num == NULL) {
/*    fprintf(stderr,
      "\n(AXIOM Sockets) The AXIOM server number is undefined.\n");
    return -1;
  snprintf(name, sizeof(addr.sa_data),"%s%s", base, num);
  return 0;
Camm Maguire                                        address@hidden
"The earth is but one country, and mankind its citizens."  --  Baha'u'llah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]