GitHub user sl4mmy opened a pull request:
https://github.com/apache/zookeeper/pull/559
ZOOKEEPER-3079: avoid unsafe use of sprintf(3)
The function format_endpoint_info declares both addrstr and buf as 128
element char arrays, however on non-Windows platforms it calls
sprintf(3) to write into buf the value of addrstr followed by ':'
followed by the port number. This causes a compiler error when
building with GCC 8 because this could potentially overflow buf if the
value of addrstr was ever 127 characters long (or a little less
depending on how many digits are in port). Of course, this couldn't
actually happen because addrstr is initialized by inet_ntop(3) which
won't write more than INET6_ADDRSTRLEN bytes (defined in <netinet/in.h>
on POSIX-compliant systems). Of course, GCC doesn't know that, so let's
just declare addrstr as a char array of only size INET6_ADDRSTRLEN
instead of 128.
Signed-off-by: Kent R. Spillner <[email protected]>
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/sl4mmy/zookeeper zookeeper-3079
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/559.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #559
----
commit cb26e2f8d0704e1b5074c3e89c20962c5fc7f7b5
Author: Kent R. Spillner <kspillner@...>
Date: 2018-07-03T20:44:54Z
ZOOKEEPER-3079: avoid unsafe use of sprintf(3)
The function format_endpoint_info declares both addrstr and buf as 128
element char arrays, however on non-Windows platforms it calls
sprintf(3) to write into buf the value of addrstr followed by ':'
followed by the port number. This causes a compiler error when
building with GCC 8 because this could potentially overflow buf if the
value of addrstr was ever 127 characters long (or a little less
depending on how many digits are in port). Of course, this couldn't
actually happen because addrstr is initialized by inet_ntop(3) which
won't write more than INET6_ADDRSTRLEN bytes (defined in <netinet/in.h>
on POSIX-compliant systems). Of course, GCC doesn't know that, so let's
just declare addrstr as a char array of only size INET6_ADDRSTRLEN
instead of 128.
Signed-off-by: Kent R. Spillner <[email protected]>
----
---
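
The pattern described in the commit message above, as an added example that is not code from the pull request or from ZooKeeper: the address buffer is sized to INET6_ADDRSTRLEN so the compiler can bound the `%s` argument. The length-checked snprintf(3) goes beyond the change described; the names format_endpoint and format_sample and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper, not ZooKeeper's format_endpoint_info: writes
 * "addr:port" into out. Returns 0, or -1 on an unsupported family, a
 * failed conversion, or output that would not fit in outlen bytes. */
static int format_endpoint(const struct sockaddr *sa, char *out, size_t outlen)
{
    /* Sized to the longest string inet_ntop(3) can produce, so the
     * compiler can bound the %s argument instead of assuming 127 chars. */
    char addrstr[INET6_ADDRSTRLEN];
    const void *inaddr;
    unsigned port;
    int n;

    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        inaddr = &in4->sin_addr;
        port = ntohs(in4->sin_port);
    } else if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        inaddr = &in6->sin6_addr;
        port = ntohs(in6->sin6_port);
    } else {
        return -1;
    }
    if (inet_ntop(sa->sa_family, inaddr, addrstr, sizeof addrstr) == NULL)
        return -1;
    /* snprintf never writes past outlen; n >= outlen means truncation. */
    n = snprintf(out, outlen, "%s:%u", addrstr, port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Builds a constructed sample endpoint from text and formats it. */
static int format_sample(int family, const char *ip, unsigned short port,
                         char *out, size_t outlen)
{
    struct sockaddr_in6 in6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
    struct sockaddr_in in4 = { .sin_family = AF_INET, .sin_port = htons(port) };
    int v6 = (family == AF_INET6);
    void *dst = v6 ? (void *)&in6.sin6_addr : (void *)&in4.sin_addr;
    const struct sockaddr *sa = v6 ? (const struct sockaddr *)&in6
                                   : (const struct sockaddr *)&in4;
    if (inet_pton(v6 ? AF_INET6 : AF_INET, ip, dst) != 1) return -1;
    return format_endpoint(sa, out, outlen);
}
```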