Skip to content

Commit

Permalink
util: do not use stack frame for parsing arbitrary inputs
Browse files Browse the repository at this point in the history 
This replaces strndupa() by strndup() in socket_address_parse(),
as input string may be too long.

Fixes issue 10007 by ClusterFuzz-External:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007
  • Loading branch information
@yuwata
yuwata committed Aug 22, 2018
1 parent 52e4d62 commit 8d30fcb
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions src/basic/socket-util.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,8 @@ static const char* const socket_address_type_table[] = {
DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);

int socket_address_parse(SocketAddress *a, const char *s) {
char *e, *n;
_cleanup_free_ char *n = NULL;
char *e;
int r;

assert(a);
Expand All @@ -68,7 +69,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
if (!e)
return -EINVAL;

n = strndupa(s+1, e-s-1);
n = strndup(s+1, e-s-1);
if (!n)
return -ENOMEM;

errno = 0;
if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
Expand Down Expand Up @@ -125,7 +128,10 @@ int socket_address_parse(SocketAddress *a, const char *s) {
if (r < 0)
return r;

n = strndupa(cid_start, e - cid_start);
n = strndup(cid_start, e - cid_start);
if (!n)
return -ENOMEM;

if (!isempty(n)) {
r = safe_atou(n, &a->sockaddr.vm.svm_cid);
if (r < 0)
Expand All @@ -146,7 +152,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
if (r < 0)
return r;

n = strndupa(s, e-s);
n = strndup(s, e-s);
if (!n)
return -ENOMEM;

/* IPv4 in w.x.y.z:p notation? */
r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);
Expand Down

0 comments on commit 8d30fcb

Please sign in to comment.