There's some confusion about line 335 of clnt_dg.c #135

zhengyf · 2018-05-24T08:39:35Z

Line 335 in dba123c

if (addr->len < sizeof(cu->cu_raddr)) {

Let's see the code as follows

addr = (struct netbuf *)info;
if (addr->len < sizeof(cu->cu_raddr)) {
	rslt = false;
	break;

}
(void)memcpy(&cu->cu_raddr, addr->buf, addr->len);
cu->cu_rlen = addr->len;
break;

I think the condition of 'addr->len < sizeof(cu->cu_raddr)' is normal while the addr is for IPV4.

We should avoid the condition of 'addr->len > sizeof(cu->cu_raddr)' to prevent memory access out of bounds at '(void)memcpy(&cu->cu_raddr, addr->buf, addr->len);'

Is 'if (addr->len < sizeof(cu->cu_raddr)) ' supposed to be 'if (addr->len > sizeof(cu->cu_raddr)) ' ?

The text was updated successfully, but these errors were encountered:

dang · 2018-05-24T13:16:50Z

No, the API here takes a struct sockaddr_storage, so that it can easily handle all address types. You're right that we should be checking the max length, so if anything the check should be
(addr->len != sizeof(cu->raddr))

ffilz · 2024-12-05T20:02:49Z

Should we fix this or can we close?

zhengyf changed the title ~~There's some cinfusion about line 335 of clnt_dg.c~~ There's some confusion about line 335 of clnt_dg.c May 25, 2018

ffilz added bug Can we close labels Dec 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There's some confusion about line 335 of clnt_dg.c #135

There's some confusion about line 335 of clnt_dg.c #135

zhengyf commented May 24, 2018

dang commented May 24, 2018

ffilz commented Dec 5, 2024

There's some confusion about line 335 of clnt_dg.c #135

There's some confusion about line 335 of clnt_dg.c #135

Comments

zhengyf commented May 24, 2018

dang commented May 24, 2018

ffilz commented Dec 5, 2024