Guile segfault with network calls

From: Martin Grabmueller
Subject: Guile segfault with network calls
Date: Thu, 1 Mar 2001 10:28:55 +0100 (MET)

Hello list,

Guile segfaults when a Unix domain address with a very long pathname is
passed to calls like `connect', `bind' or `sendto'.


    guile> (define s (socket AF_UNIX SOCK_STREAM 0))
    guile> (connect s AF_UNIX (make-string 100000 #\c))
    Segmentation fault

The reason is the following code in `scm_fill_sockaddr' in socket.c:424,
where a memcpy is made without checking for the length.

    case AF_UNIX:
        struct sockaddr_un *soka;

        soka = (struct sockaddr_un *)
          scm_must_malloc (sizeof (struct sockaddr_un), proc);
        memset (soka, 0, sizeof (struct sockaddr_un));
        soka->sun_family = AF_UNIX;
        SCM_ASSERT (SCM_STRINGP (address), address, which_arg, proc);
        memcpy (soka->sun_path, SCM_STRING_CHARS (address),
                1 + SCM_STRING_LENGTH (address));
        *size = sizeof (struct sockaddr_un);
        return (struct sockaddr *) soka;

I don't know what the correct fix for this is, because I couldn't find
out whether there is a standard maximum path length.  Maybe POSIX or
one of the other `Standards' defines one?  Does anyone know?
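
Added example, not part of the original post and not Guile's own code: one way to bound the copy in the `AF_UNIX` case is to compare the string length against the size of `sun_path` itself before the `memcpy`. The helper name `fill_unix_sockaddr`, its signature and the choice of `ENAMETOOLONG` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not Guile's API): build a sockaddr_un from a
   counted string.  Returns a malloc'd address and sets *size, or
   returns NULL with errno set when the path does not fit. */
struct sockaddr *
fill_unix_sockaddr (const char *path, size_t len, socklen_t *size)
{
  struct sockaddr_un *soka;

  /* The bound is taken from the struct itself, so it matches whatever
     the platform declares.  One byte is kept for the trailing NUL. */
  if (len >= sizeof (soka->sun_path))
    {
      errno = ENAMETOOLONG;
      return NULL;
    }
  soka = calloc (1, sizeof (struct sockaddr_un));
  if (soka == NULL)
    return NULL;                        /* allocation failed */
  soka->sun_family = AF_UNIX;
  memcpy (soka->sun_path, path, len);   /* calloc left the NUL in place */
  *size = sizeof (struct sockaddr_un);
  return (struct sockaddr *) soka;
}

int
main (void)
{
  size_t n = 100000;                    /* same length as in the report */
  char *long_path = malloc (n);
  socklen_t size = 0;

  if (long_path == NULL)
    return 1;
  memset (long_path, 'c', n);           /* constructed sample input */
  if (fill_unix_sockaddr (long_path, n, &size) == NULL)
    printf ("rejected: %s\n", strerror (errno));
  free (long_path);
  return 0;
}
```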

