aboutsummaryrefslogtreecommitdiffstats
path: root/lib/kernel
diff options
context:
space:
mode:
authorMichael Santos <michael.santos@gmail.com>2010-07-23 11:29:20 -0400
committerBjörn Gustavsson <bjorn@erlang.org>2010-07-26 14:42:31 +0200
commitd61d41e235bc464a15925e6fd1b7e9138477d3b3 (patch)
treec1525cc5a4c0ba1cd52bf281716c710900754b31 /lib/kernel
parent227d3f3ff078426ae79b7f2313bc8be915c5e252 (diff)
downloadotp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.tar.gz
otp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.tar.bz2
otp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.zip
inet: fix getservbyname buffer overflow
The byte holding the length of the interface name for the getservbyname/2 function is used in a signed context and can become negative, causing the buffer to be overrun. Make the same change for getservbyport/2. Test case: inet:getservbyname(list_to_atom(lists:flatten(lists:duplicate(128, "x"))), tcp).
Diffstat (limited to 'lib/kernel')
-rw-r--r--lib/kernel/test/inet_SUITE.erl11
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl
index d475ec74b6..86c2a0cbca 100644
--- a/lib/kernel/test/inet_SUITE.erl
+++ b/lib/kernel/test/inet_SUITE.erl
@@ -27,7 +27,7 @@
ipv4_to_ipv6/1, host_and_addr/1, parse/1, t_gethostnative/1,
gethostnative_parallell/1, cname_loop/1,
gethostnative_soft_restart/1,gethostnative_debug_level/1,getif/1,
- getif_ifr_name_overflow/1]).
+ getif_ifr_name_overflow/1,getservbyname_overflow/1]).
-export([get_hosts/1, get_ipv6_hosts/1, parse_hosts/1, parse_address/1,
kill_gethost/0, parallell_gethost/0]).
@@ -40,7 +40,7 @@ all(suite) ->
ipv4_to_ipv6, host_and_addr, parse,t_gethostnative,
gethostnative_parallell, cname_loop,
gethostnative_debug_level,gethostnative_soft_restart,
- getif,getif_ifr_name_overflow].
+ getif,getif_ifr_name_overflow,getservbyname_overflow].
init_per_testcase(_Func, Config) ->
Dog = test_server:timetrap(test_server:seconds(60)),
@@ -899,6 +899,13 @@ getif_ifr_name_overflow(Config) when is_list(Config) ->
?line {ok,[]} = inet:ifget(lists:duplicate(128, "x"), [addr]),
ok.
+getservbyname_overflow(doc) ->
+ "Test long service names do not overrun buffer";
+getservbyname_overflow(Config) when is_list(Config) ->
+ %% emulator should not crash
+ ?line {error,einval} = inet:getservbyname(list_to_atom(lists:flatten(lists:duplicate(128, "x"))), tcp),
+ ok.
+
%% Works just like lists:member/2, except that any {127,_,_,_} tuple
%% matches any other {127,_,_,_}. We do this to handle Linux systems
%% that use (for instance) 127.0.1.1 as the IP address for the hostname.