Author: rfm
Date: Tue Feb 9 13:32:51 2016
New Revision: 39342
URL: http://svn.gna.org/viewcvs/gnustep?rev=39342&view=rev
Log:
Fix occasional crash on 64bit systems.
Modified:
libs/base/trunk/ChangeLog
libs/base/trunk/Tools/gdomap.c
Modified: libs/base/trunk/ChangeLog
URL:
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?rev=39342&r1=39341&r2=39342&view=diff
==============================================================================
--- libs/base/trunk/ChangeLog (original)
+++ libs/base/trunk/ChangeLog Tue Feb 9 13:32:51 2016
@@ -1,3 +1,10 @@
+2016-02-09 Richard Frith-Macdonald <[email protected]>
+
+ * Tools/gdomap.c: Use uint32_t rather than unsigned long ... we are
+ actually dealing with 4 byte values (from htonl), not native longs,
+ and this can result in buffer overrun when we try copying a 64bit
+ value into a 32bit buffer on a 64bit system.
+
2016-02-04 Richard Frith-Macdonald <[email protected]>
* Source/NSData.m: Fix for decoding base64 with unknown characters
Modified: libs/base/trunk/Tools/gdomap.c
URL:
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?rev=39342&r1=39341&r2=39342&view=diff
==============================================================================
--- libs/base/trunk/Tools/gdomap.c (original)
+++ libs/base/trunk/Tools/gdomap.c Tue Feb 9 13:32:51 2016
@@ -36,6 +36,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h> /* for gethostname() */
+#include <inttypes.h>
#ifndef __MINGW__
#include <sys/param.h> /* for MAXHOSTNAMELEN */
#include <sys/types.h>
@@ -178,11 +179,11 @@
static unsigned short my_port; /* Set in init_iface() */
-static unsigned long class_a_net;
static struct in_addr class_a_mask;
-static unsigned long class_b_net;
static struct in_addr class_b_mask;
-static unsigned long class_c_net;
+static uint32_t class_a_net;
+static uint32_t class_b_net;
+static uint32_t class_c_net;
struct in_addr class_c_mask;
static char *local_hostname = 0;
@@ -904,8 +905,8 @@
* Variables and functions for keeping track of the IP addresses of
* hosts which are running the name server.
*/
-static unsigned long prb_used = 0;
-static unsigned long prb_size = 0;
+static uint32_t prb_used = 0;
+static uint32_t prb_size = 0;
typedef struct {
struct in_addr sin;
time_t when;
@@ -1103,7 +1104,8 @@
gdomap_log(LOG_INFO);
snprintf(ebuf, sizeof(ebuf), "size of name-to-port map - %d", map_used);
gdomap_log(LOG_INFO);
- snprintf(ebuf, sizeof(ebuf), "number of known name servers - %ld", prb_used);
+ snprintf(ebuf, sizeof(ebuf), "number of known name servers - %"PRIu32,
+ prb_used);
gdomap_log(LOG_INFO);
snprintf(ebuf, sizeof(ebuf), "TCP %d read, %d sent", tcp_read, tcp_sent);
gdomap_log(LOG_INFO);
@@ -1168,7 +1170,7 @@
{
#if defined(__MINGW__)
INTERFACE_INFO InterfaceList[20];
- unsigned long nBytesReturned;
+ uint32_t nBytesReturned;
int i, countActive, nNumInterfaces;
SOCKET desc = WSASocket(PF_INET, SOCK_RAW, AF_INET, 0, 0, 0);
@@ -1758,7 +1760,7 @@
int r;
struct sockaddr_in sa;
#if defined(__MINGW__)
- unsigned long dummy;
+ uint32_t dummy;
#endif /* __MINGW__ */
/*
@@ -2055,7 +2057,7 @@
static void
init_probe()
{
- unsigned long nlist[interfaces];
+ uint32_t nlist[interfaces];
int nlist_size = 0;
int iface;
int i;
@@ -2075,7 +2077,7 @@
*/
for (iface = 0; iface < interfaces; iface++)
{
- unsigned long net = (addr[iface].s_addr & mask[iface].s_addr);
+ uint32_t net = (addr[iface].s_addr & mask[iface].s_addr);
if (addr[iface].s_addr == loopback.s_addr)
{
@@ -2103,7 +2105,7 @@
struct in_addr sin = { 0 };
int high = 0;
int low = 0;
- unsigned long net = 0;
+ uint32_t net = 0;
int j;
struct in_addr b;
@@ -2125,8 +2127,8 @@
}
else
{
- unsigned long ha; /* full host address. */
- unsigned long hm; /* full netmask. */
+ uint32_t ha; /* full host address. */
+ uint32_t hm; /* full netmask. */
ha = ntohl(addr[iface].s_addr);
hm = ntohl(mask[iface].s_addr);
@@ -2308,7 +2310,7 @@
{
RInfo *ri;
#if defined(__MINGW__)
- unsigned long dummy = 1;
+ uint32_t dummy = 1;
#else
int r;
#endif /* !__MINGW__ */
@@ -2699,7 +2701,7 @@
unsigned char type;
unsigned char size;
unsigned char ptype;
- unsigned long port;
+ uint32_t port;
unsigned char *buf;
map_ent *m;
@@ -2740,7 +2742,7 @@
else
{
snprintf(ebuf, sizeof(ebuf),
- " name: '%.*s' port: %ld", size, buf, port);
+ " name: '%.*s' port: %"PRIu32, size, buf, port);
gdomap_log(LOG_DEBUG);
}
}
@@ -2823,7 +2825,7 @@
snprintf(ebuf, sizeof(ebuf), "Already registered ... success");
gdomap_log(LOG_DEBUG);
}
- *(unsigned long*)wi->buf = htonl(port);
+ *(uint32_t*)wi->buf = htonl(port);
}
else if (m != 0)
{
@@ -2876,7 +2878,7 @@
if (debug > 1)
{
snprintf(ebuf, sizeof(ebuf),
- "re-register from %d to %ld",
+ "re-register from %d to %"PRIu32,
m->port, port);
gdomap_log(LOG_DEBUG);
}
@@ -2884,7 +2886,7 @@
m->net = (ptype & GDO_NET_MASK);
m->svc = (ptype & GDO_SVC_MASK);
port = htonl(m->port);
- *(unsigned long*)wi->buf = port;
+ *(uint32_t*)wi->buf = port;
}
}
#if defined(__MINGW__)
@@ -2901,18 +2903,18 @@
snprintf(ebuf, sizeof(ebuf), "Port not provided in request!");
gdomap_log(LOG_DEBUG);
}
- *(unsigned long*)wi->buf = 0;
+ *(uint32_t*)wi->buf = 0;
}
else
{ /* Use port provided in request. */
if (debug)
{
- snprintf(ebuf, sizeof(ebuf), "Registered on port %lu", port);
+ snprintf(ebuf, sizeof(ebuf), "Registered on port %"PRIu32, port);
gdomap_log(LOG_DEBUG);
}
m = map_add(buf, size, port, ptype);
port = htonl(m->port);
- *(unsigned long*)wi->buf = port;
+ *(uint32_t*)wi->buf = port;
}
}
else if (type == GDO_LOOKUP)
@@ -3019,7 +3021,7 @@
}
if (m)
{ /* Lookup found live server. */
- *(unsigned long*)wi->buf = htonl(m->port);
+ *(uint32_t*)wi->buf = htonl(m->port);
}
else
{ /* Not found. */
@@ -3059,7 +3061,7 @@
}
else
{
- *(unsigned long*)wi->buf = htonl(m->port);
+ *(uint32_t*)wi->buf = htonl(m->port);
map_del(m);
}
}
@@ -3074,11 +3076,11 @@
}
else
{
- *(unsigned long*)wi->buf = 0;
+ *(uint32_t*)wi->buf = 0;
while ((m = map_by_port(port, ptype)) != 0)
{
- *(unsigned long*)wi->buf = htonl(m->port);
+ *(uint32_t*)wi->buf = htonl(m->port);
map_del(m);
}
}
@@ -3089,9 +3091,9 @@
unsigned int j;
free(wi->buf);
- wi->buf = (char*)calloc(sizeof(unsigned long)
+ wi->buf = (char*)calloc(sizeof(uint32_t)
+ (prb_used+1)*IASIZE, 1);
- *(unsigned long*)wi->buf = htonl(prb_used+1);
+ *(uint32_t*)wi->buf = htonl(prb_used+1);
memcpy(&wi->buf[4], &ri->addr.sin_addr, IASIZE);
/*
@@ -3126,7 +3128,7 @@
* Allocate with space for number of names and set it up.
*/
wi->buf = (char*)malloc(4 + bytes);
- *(unsigned long*)wi->buf = htonl(bytes);
+ *(uint32_t*)wi->buf = htonl(bytes);
ptr = (uptr)wi->buf;
ptr += 4;
for (i = 0; i < map_used; i++)
@@ -3165,7 +3167,7 @@
#if 0
{
struct in_addr *ptr;
- unsigned long net;
+ uint32_t net;
int c;
#if defined(__MINGW__)
@@ -3281,7 +3283,7 @@
else
{
port = my_port;
- *(unsigned long*)wi->buf = htonl(port);
+ *(uint32_t*)wi->buf = htonl(port);
}
}
else if (type == GDO_PREPLY)
@@ -3708,11 +3710,11 @@
{
int desc = socket(AF_INET, SOCK_STREAM, 0);
int e = 0;
- unsigned long port = *p;
+ uint32_t port = *p;
gdo_req msg;
struct sockaddr_in sin;
#if defined(__MINGW__)
- unsigned long dummy;
+ uint32_t dummy;
#endif /* __MINGW__ */
*p = 0;
_______________________________________________
Gnustep-cvs mailing list
[email protected]
https://mail.gna.org/listinfo/gnustep-cvs
