diff options
author | Michael Santos <[email protected]> | 2010-08-21 22:15:01 -0400 |
---|---|---|
committer | Björn Gustavsson <[email protected]> | 2010-08-23 16:02:39 +0200 |
commit | ada2e2f79db780f4a029e3747ef52a01db3163a6 (patch) | |
tree | 87523e9ca0348ce8473dc0885058eb81a07e30d1 /lib/erl_interface/src/epmd | |
parent | 7ed6bbd4e8bb88958bd45f85e3ef8af39c9f894f (diff) | |
download | otp-ada2e2f79db780f4a029e3747ef52a01db3163a6.tar.gz otp-ada2e2f79db780f4a029e3747ef52a01db3163a6.tar.bz2 otp-ada2e2f79db780f4a029e3747ef52a01db3163a6.zip |
ei: prevent overflow in ei_connect_init/ei_xconnect
Check the length of the buffer before copying.
ei_cnode ec;
struct in_addr addr;
char *node = (char *)calloc(5001, 1);
(void)memset(node, 'x', 5000);
ei_connect_init(&ec, node, "", 0);
addr.s_addr = inet_addr("192.168.1.1");
ei_xconnect(&ec, &addr, node);
Diffstat (limited to 'lib/erl_interface/src/epmd')
-rw-r--r-- | lib/erl_interface/src/epmd/epmd_port.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/erl_interface/src/epmd/epmd_port.c b/lib/erl_interface/src/epmd/epmd_port.c index 663b38d2d4..cf6122fafa 100644 --- a/lib/erl_interface/src/epmd/epmd_port.c +++ b/lib/erl_interface/src/epmd/epmd_port.c @@ -106,6 +106,12 @@ static int ei_epmd_r3_port (struct in_addr *addr, const char *alive, char ntoabuf[32]; #endif + if (len > sizeof(buf) - 3) + { + erl_errno = ERANGE; + return -1; + } + put16be(s,len); put8(s,EI_EPMD_PORT_REQ); strcpy(s,alive); @@ -164,6 +170,12 @@ static int ei_epmd_r4_port (struct in_addr *addr, const char *alive, #if defined(VXWORKS) char ntoabuf[32]; #endif + + if (len > sizeof(buf) - 3) + { + erl_errno = ERANGE; + return -1; + } put16be(s,len); put8(s,EI_EPMD_PORT2_REQ); |