diff options
author | Michael Santos <michael.santos@gmail.com> | 2010-07-23 11:29:20 -0400 |
---|---|---|
committer | Björn Gustavsson <bjorn@erlang.org> | 2010-07-26 14:42:31 +0200 |
commit | d61d41e235bc464a15925e6fd1b7e9138477d3b3 (patch) | |
tree | c1525cc5a4c0ba1cd52bf281716c710900754b31 /lib/kernel | |
parent | 227d3f3ff078426ae79b7f2313bc8be915c5e252 (diff) | |
download | otp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.tar.gz otp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.tar.bz2 otp-d61d41e235bc464a15925e6fd1b7e9138477d3b3.zip |
inet: fix getservbyname buffer overflow
The byte holding the length of the interface name for the getservbyname/2
function is used in a signed context and can become negative, causing
the buffer to be overrun. Make the same change for getservbyport/2.
Test case:
inet:getservbyname(list_to_atom(lists:flatten(lists:duplicate(128, "x"))), tcp).
Diffstat (limited to 'lib/kernel')
-rw-r--r-- | lib/kernel/test/inet_SUITE.erl | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/kernel/test/inet_SUITE.erl b/lib/kernel/test/inet_SUITE.erl index d475ec74b6..86c2a0cbca 100644 --- a/lib/kernel/test/inet_SUITE.erl +++ b/lib/kernel/test/inet_SUITE.erl @@ -27,7 +27,7 @@ ipv4_to_ipv6/1, host_and_addr/1, parse/1, t_gethostnative/1, gethostnative_parallell/1, cname_loop/1, gethostnative_soft_restart/1,gethostnative_debug_level/1,getif/1, - getif_ifr_name_overflow/1]). + getif_ifr_name_overflow/1,getservbyname_overflow/1]). -export([get_hosts/1, get_ipv6_hosts/1, parse_hosts/1, parse_address/1, kill_gethost/0, parallell_gethost/0]). @@ -40,7 +40,7 @@ all(suite) -> ipv4_to_ipv6, host_and_addr, parse,t_gethostnative, gethostnative_parallell, cname_loop, gethostnative_debug_level,gethostnative_soft_restart, - getif,getif_ifr_name_overflow]. + getif,getif_ifr_name_overflow,getservbyname_overflow]. init_per_testcase(_Func, Config) -> Dog = test_server:timetrap(test_server:seconds(60)), @@ -899,6 +899,13 @@ getif_ifr_name_overflow(Config) when is_list(Config) -> ?line {ok,[]} = inet:ifget(lists:duplicate(128, "x"), [addr]), ok. +getservbyname_overflow(doc) -> + "Test long service names do not overrun buffer"; +getservbyname_overflow(Config) when is_list(Config) -> + %% emulator should not crash + ?line {error,einval} = inet:getservbyname(list_to_atom(lists:flatten(lists:duplicate(128, "x"))), tcp), + ok. + %% Works just like lists:member/2, except that any {127,_,_,_} tuple %% matches any other {127,_,_,_}. We do this to handle Linux systems %% that use (for instance) 127.0.1.1 as the IP address for the hostname. |