Age | Commit message (Collapse) | Author |
|
|
|
Don't know why the 1 was there, it does however cause the
buffer to overflow when decoding the atoms from rex.
OTP-9799
|
|
Removed symbolic links from repository.
|
|
Still does not run, just compiles.
|
|
* dev:
Update copyright years
|
|
|
|
Conflicts:
erts/aclocal.m4
erts/include/internal/ethread_header_config.h.in
|
|
* ac/fix-erl_interface-docs:
Make comment reflect code in erl_interface/src/misc/ei_decode_term.c
ei_decode_ei_term() returns 1 if index is incremented
OTP-9559
|
|
* cr/cppcheck:
Changes inspired by running cppcheck(1)
OTP-9557
|
|
|
|
* ms/ei-int-overflow-in-string-atom-enc:
ei: integer overflow in string/atom encoding
OTP-9530
|
|
Note that ei_decode_term.h has the correct behaviour described!
Also removed extraneous '/* return 0; */' comments.
|
|
|
|
|
|
|
|
ei_encode_atom() and ei_encode_string() use strlen() to get the length
of the buffer. As strlen() returns an unsigned long long and both ei
functions take a signed integer, the length fields may overflow.
Check the results of strlen can be held in a signed integer.
|
|
|
|
|
|
* gl/erl_do_receive_msg/OTP-9241:
The function 'erl_xreceive_msg' returned garbage in the 'to' and 'to_name' members of the message. The reason for that was found in the 'erl_do_receive_msg' function. When no 'pid' is provided by the sender, like when doing rpc calls as those uses registered name sends, it doesn't initialize the 'to' member and also the 'to_name' member is copied by the function.
|
|
members of the message. The reason for that was found in the 'erl_do_receive_msg' function. When no 'pid' is provided by the sender, like when doing rpc calls as those uses registered name sends, it doesn't initialize the 'to' member and also the 'to_name' member is copied by the function.
|
|
|
|
* cg/fix-sizeof-array-arg:
Fix using sizeof() for array given as function argument
OTP-9151
|
|
|
|
When using the sizeof() operator for an array given as function argument it
returns the size of the pointer.
In this case, the affected function hex(char digest[16], char buff[33]) will
just print 4 or 8 byte instead of the full length of 16 bytes, on 32bit and
64bit systems respectively.
|
|
|
|
|
|
* vb/ei-exts:
Fix testcases erl_global_whereis, erl_global_names
Fix wrong erl_compare_ext result comparing lists
Correct erl_global{register, unregister} functions
Add PID (~p) type parameters to ei_format
Add char (~c) type parameters to ei_format
OTP-9015
Conflicts:
lib/erl_interface/include/ei.h
|
|
|
|
Function erl_compare_ext of erl_interface library returns
1 instead -1 when comparing lists like [0] and [0, 1000].
Credits to: Evgeny Khirin <evgeny.khirin <at> erlios.com>
|
|
C node needs DFLAG_DIST_MONITOR flag set when connecting,
and support for processing monitoring start/end messages
received from counterpart, to make global registration
actually work.
|
|
|
|
|
|
From R14B integers use all 32 bits of external format
INTEGER_EXT. erl_term_len still had the 28-bit check and therefor
returned a too large values (7 instead of 5) for integers of 29-32
bits.
erl_term_len also returned a 2 bytes too small value for references.
|
|
* ms/ei-fixes:
ei: check memory was allocated
ei: error if return value of ei_alloc_big is NULL
OTP-8943
|
|
* ms/ei-fix-node-name-overflow:
ei: check the length of the node name
OTP-8943
|
|
|
|
|
|
|
|
|
|
Check the length of the node name to prevent an overflow.
|
|
* ms/fix-zero-byte-allocation:
registry: fix zero byte allocation
OTP-8893
|
|
* sv/ei-number-parsing:
teach ei_x_format to handle unary - and +
OTP-8891
|
|
Teach the format string parser used for ei_x_format() and
ei_x_format_wo_ver() about unary negative and positive operators on
numbers. Previously, passing a negative numeric constant or a positive
numeric constant with an explicit leading plus sign within the format
string would cause these functions to fail.
Augment the format_wo_ver unit test in the ei_format suite with a
regression test for these cases.
An easy way to reproduce the problem is to use erl_call:
erl_call -s foo@bar -a 'erlang list_to_integer [-1]'
Without this change, erl_call fails with a -1 exit status. With this
change, it properly prints "-1".
|
|
Pasto in code results in 0 bytes (instead of length bytes) being allocated
when the length of the key exceeds the static buffer.
|
|
get_hostent does not properly handle IPv4 addresses on little endian
platforms and fails with hostnames beginning with a number. Remove
get_hostent and use ei_gethostbyname directly since gethostbyname supports
IPv4 addresses.
Reported-By: Julien Barbot
|
|
* pan/epmd-vulnerabilities/OTP-8780:
Teach testcases to survive TIME_WAIT overload
Update erl_interface doc and testsuite for epmd changes
Restore null termination of input buffer
Teach testcase epmd_SUITE:too_large to accept econnaborted
Teach epmd_cli.c to not respond 'Killed' when killing denied
Calculate minimal packet size for ALIVE2 requests correctly
Document epmd and it's options properly and fixup help text
Fix anomalies in epmd not yet reported as security issues
Remove two buffer overflow vulnerabilities in EPMD
Remove all support for ancient EPMD protocol
Remove very old protocol from EPMD
Conflicts:
lib/erl_interface/src/epmd/epmd_port.c
|
|
* sv/ei-writev:
fix incorrect writev iovec buffer handling in ei
OTP-8837
|
|
|
|
For platforms that support writev, ei uses iovec structures to be able
to easily send noncontiguous data buffers. When sending large
messages, the socket can of course block, in which case ei adjusts its
iovecs to pick up where it left off when the socket becomes writeable
again. Unfortunately the code that handled the case when the number of
bytes written are less than the current iovec size adjusted only the
iovec byte count but not the iovec data pointer, resulting in the same
data being sent multiple times.
The fix is trivial: in addition to subtracting the count of bytes
already written from the current iovec's size, also increment the
current iovec's data pointer by the number of bytes already written.
Tested manually on Linux and verified to fix a problem detected in
production with writing large binaries from a cnode to a regular
node. No unit tests were added, however, because they use the local
loopback which acts more like a pipe than an inter-host TCP
connection. The closing of the TCP window on the receiving side and
the resultant write blocking on the socket, which in turn caused the
code that mishandled the iovecs to be exercised, could unfortunately
not be readily duplicated in the erl_interface test suite.
|
|
Check operations that can overflow, e.g.,
erl_call -sname $(perl -e 'print "x"x5000')
perl -e 'print "-module(", "x"x10000, ");"' | erl_call -m -r -sname foo
|