aboutsummaryrefslogtreecommitdiffstats
path: root/erts/emulator/drivers
diff options
context:
space:
mode:
authorRaimo Niskanen <[email protected]>2018-09-10 16:43:30 +0200
committerRaimo Niskanen <[email protected]>2018-09-11 15:29:35 +0200
commit84e1631071858fdfd04109129c020760bb952362 (patch)
tree48220614868ed0ebd0af8ef628a85520cc9eafdf /erts/emulator/drivers
parent6a556ffb979273e84ae00c997cb38086ba9ef2f5 (diff)
downloadotp-84e1631071858fdfd04109129c020760bb952362.tar.gz
otp-84e1631071858fdfd04109129c020760bb952362.tar.bz2
otp-84e1631071858fdfd04109129c020760bb952362.zip
Fix term buffer overflow bug
Diffstat (limited to 'erts/emulator/drivers')
-rw-r--r--erts/emulator/drivers/common/inet_drv.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/erts/emulator/drivers/common/inet_drv.c b/erts/emulator/drivers/common/inet_drv.c
index f9a471afd5..3478ba7081 100644
--- a/erts/emulator/drivers/common/inet_drv.c
+++ b/erts/emulator/drivers/common/inet_drv.c
@@ -625,13 +625,14 @@ static size_t my_strnlen(const char *s, size_t maxlen)
#endif
#ifndef __WIN32__
-/* Calculate CMSG_NXTHDR without having a struct msghdr*
+/* Calculate CMSG_NXTHDR without having a struct msghdr*.
* CMSG_LEN only caters for alignment for start of data.
* To get how much to advance we need to use CMSG_SPACE
* on the payload length. To get the payload length we
* take the calculated cmsg->cmsg_len and subtract the
* header length. To get the header length we use
- * CMSG_LEN with payload length 0.
+ * the pointer difference from the cmsg start pointer
+ * to the CMSG_DATA(cmsg) pointer.
*/
#define LEN_CMSG_DATA(cmsg) ((char*)CMSG_DATA(cmsg) - (char*)(cmsg))
#define NXT_CMSG_HDR(cmsg) \
@@ -946,8 +947,13 @@ static size_t my_strnlen(const char *s, size_t maxlen)
#ifdef HAVE_SCTP
#define PACKET_ERL_DRV_TERM_DATA_LEN 512
#else
+#ifndef __WIN32__
+/* Assume we have recvmsg() and might need room for ancillary data */
+#define PACKET_ERL_DRV_TERM_DATA_LEN 64
+#else
#define PACKET_ERL_DRV_TERM_DATA_LEN 32
#endif
+#endif
#define BIN_REALLOC_MARGIN(x) ((x)/4) /* 25% */
@@ -12658,10 +12664,10 @@ static int packet_inet_input(udp_descriptor* udesc, HANDLE event)
}
}
mp = NULL;
-#if defined(HAVE_SCTP)
+#ifdef HAVE_SCTP
if (IS_SCTP(desc)) mp = &mhdr;
#endif
-#if !defined(__WIN32__)
+#ifndef __WIN32__
if (desc->recv_cmsgflags) mp = &mhdr;
#endif
/* Actual parsing and return of the data received, occur here: */