From cdfc10af65b613a5315add29a3b7a89c6b513883 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Wed, 11 Jul 2018 18:27:54 +0200 Subject: ic: Fix correct external format sizes longs, longlongs and wchar were too small on 64-bit which could lead to potential buffer overflow at encoding. __OE_DOUBLESZ__ was too big, probably due to old text format. --- lib/ic/c_src/oe_ei_decode_wstring.c | 2 +- lib/ic/include/ic.h | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/ic/c_src/oe_ei_decode_wstring.c b/lib/ic/c_src/oe_ei_decode_wstring.c index 5b676fd579..66eaf66392 100644 --- a/lib/ic/c_src/oe_ei_decode_wstring.c +++ b/lib/ic/c_src/oe_ei_decode_wstring.c @@ -76,7 +76,7 @@ int oe_ei_decode_wstring(const char *buf, int *index, CORBA_wchar *p) { if (p) { /* Decoding part */ /* Allocate temporary string */ - tmp_space = (char*) malloc(length*(__OE_WCHARSZ__+1)); + tmp_space = (char*) malloc((length + 1)*sizeof(char)); if ((error_code = ei_decode_string(buf, index, tmp_space)) < 0) return error_code; diff --git a/lib/ic/include/ic.h b/lib/ic/include/ic.h index 3dc5dbd4b5..1eb9e1e9d9 100644 --- a/lib/ic/include/ic.h +++ b/lib/ic/include/ic.h @@ -251,13 +251,13 @@ extern "C" { #define __OE_MEMCHUNK__ 1024 #define __OE_VSNSZ__ 1 -#define __OE_LONGSZ__ 7 -#define __OE_LONGLONGSZ__ 7 -#define __OE_ULONGSZ__ 7 -#define __OE_ULONGLONGSZ__ 7 -#define __OE_DOUBLESZ__ 32 +#define __OE_LONGSZ__ (3+sizeof(long)) +#define __OE_LONGLONGSZ__ (3+sizeof(long)) +#define __OE_ULONGSZ__ (3+sizeof(long)) +#define __OE_ULONGLONGSZ__ (3+sizeof(long)) +#define __OE_DOUBLESZ__ 9 #define __OE_CHARSZ__ 2 -#define __OE_WCHARSZ__ 7 +#define __OE_WCHARSZ__ (3+sizeof(CORBA_wchar)) #define __OE_TUPLEHDRSZ__ 5 #define __OE_LISTHDRSZ__ 5 -- cgit v1.2.3 From dcb4042890ea121e29c56eea1dd6c6bcd912e2ba Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Wed, 11 Jul 2018 19:54:17 +0200 Subject: ic: Fix memory leak in oe_ei_decode_wstring --- lib/ic/c_src/oe_ei_decode_wstring.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/ic/c_src/oe_ei_decode_wstring.c b/lib/ic/c_src/oe_ei_decode_wstring.c index 66eaf66392..d2a8270291 100644 --- a/lib/ic/c_src/oe_ei_decode_wstring.c +++ b/lib/ic/c_src/oe_ei_decode_wstring.c @@ -78,8 +78,10 @@ int oe_ei_decode_wstring(const char *buf, int *index, CORBA_wchar *p) { /* Allocate temporary string */ tmp_space = (char*) malloc((length + 1)*sizeof(char)); - if ((error_code = ei_decode_string(buf, index, tmp_space)) < 0) - return error_code; + if ((error_code = ei_decode_string(buf, index, tmp_space)) < 0) { + free(tmp_space); + return error_code; + } /* Assign characters to wide characters */ for(tmp = 0; tmp < length; tmp++) @@ -88,7 +90,7 @@ int oe_ei_decode_wstring(const char *buf, int *index, CORBA_wchar *p) { p[tmp] = 0; /* Wide NULL */ /* Free temporary string */ - CORBA_free(tmp_space); + free(tmp_space); } else { /* Allocation counting part */ -- cgit v1.2.3 From b045265b77d7f495e9346b3671d503e3fdcbd7c6 Mon Sep 17 00:00:00 2001 From: Sverker Eriksson Date: Wed, 11 Jul 2018 20:02:30 +0200 Subject: ic: Tweak tests to provoke more outbuf reallocations Docs says min _memchunk is 32, so lets use that. --- lib/ic/test/c_client_erl_server_SUITE_data/c_client.c | 1 + lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c | 1 + lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c | 1 + lib/ic/test/erl_client_c_server_SUITE_data/c_server.c | 1 + lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c | 1 + 5 files changed, 5 insertions(+) (limited to 'lib') diff --git a/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c index 446b46ad82..098d9cb11b 100644 --- a/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_SUITE_data/c_client.c @@ -389,6 +389,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c index d6a78d2481..146cee66a1 100644 --- a/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_proto_SUITE_data/c_client.c @@ -392,6 +392,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c b/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c index 17ef21f4f4..9658825fda 100644 --- a/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c +++ b/lib/ic/test/c_client_erl_server_proto_tmo_SUITE_data/c_client.c @@ -392,6 +392,7 @@ int main(int argc, char **argv) strcpy(env->_regname, peer_process_name); env->_to_pid = NULL; env->_from_pid = &pid; + env->_memchunk = 32; strcpy(pid.node, this_node); pid.num = fd; diff --git a/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c b/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c index f48480e8dc..32890af794 100644 --- a/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c +++ b/lib/ic/test/erl_client_c_server_SUITE_data/c_server.c @@ -187,6 +187,7 @@ int main(int argc, char **argv) } env = CORBA_Environment_alloc(INBUFSZ, OUTBUFSZ); env->_fd = fd; + env->_memchunk = 32; status = 1; loop = 1; diff --git a/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c b/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c index e2ba5bd5b6..d283bf22da 100644 --- a/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c +++ b/lib/ic/test/erl_client_c_server_proto_SUITE_data/c_server.c @@ -187,6 +187,7 @@ int main(int argc, char **argv) } env = CORBA_Environment_alloc(INBUFSZ, OUTBUFSZ); env->_fd = fd; + env->_memchunk = 32; status = 1; loop = 1; -- cgit v1.2.3