From d6fef65abe8b759209871ff7dc0134f2800736d4 Mon Sep 17 00:00:00 2001
From: Danilo Piparo
Date: Mon, 6 Apr 2026 12:09:57 +0200
Subject: [PATCH 1/2] [net] Check received message length thanks to @Sebasteuo Partially cherry picked from commit f6e811576ab2db571723f5af40ecda2484c1cc84 Modifications were necessary for the TSocket.cxx file
---
 net/net/src/TPSocket.cxx | 6 ++++++
 net/net/src/TSocket.cxx | 27 +++++++++++++++++----------
 net/net/src/TUDPSocket.cxx | 7 +++++++
 3 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/net/net/src/TPSocket.cxx b/net/net/src/TPSocket.cxx
index 4e19b65852f0a..467d86049cc67 100644
--- a/net/net/src/TPSocket.cxx
+++ b/net/net/src/TPSocket.cxx
@@ -32,6 +32,7 @@
 #include "TError.h"
 #include "TVirtualMutex.h"
+#include
 ////////////////////////////////////////////////////////////////////////////////
 /// Create a parallel socket. Connect to the named service at address addr.
@@ -641,6 +642,11 @@ Int_t TPSocket::Recv(TMessage *&mess)
 }
 len = net2host(len); //from network to host byte order
+ if (len > (std::numeric_limits::max() - sizeof(decltype(len)))) {
+ Error("Recv", "Buffer length is %u and %u+sizeof(UInt_t) cannot be represented as an UInt_t.", len, len);
+ return -1;
+ }
+
 char *buf = new char[len+sizeof(UInt_t)];
 if ((n = RecvRaw(buf+sizeof(UInt_t), len, kDefault)) <= 0) {
 delete [] buf;
diff --git a/net/net/src/TSocket.cxx b/net/net/src/TSocket.cxx
index 064311b600b29..b69ca393a1c27 100644
--- a/net/net/src/TSocket.cxx
+++ b/net/net/src/TSocket.cxx
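Review bot: In TPSocket::Recv the added guard only rejects a `len` for which `len+sizeof(UInt_t)` would wrap; every other value read from the peer, up to just under 4 GiB, still reaches `new char[len+sizeof(UInt_t)]`, so a single length prefix can force a very large allocation. The identical checks added to TSocket::Recv and TUDPSocket::Recv have the same gap. Consider also bounding `len` by a maximum message size before the allocation, e.g. `if (len > maxMessageLength) { Error("Recv", "message length %u exceeds the limit", len); return -1; }`, where `maxMessageLength` is a placeholder for a limit the project would define. How an allocation failure is handled is not visible here, since the body of Recv starts and ends outside the hunk.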
@@ -9,16 +9,17 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TSocket //
-// //
-// This class implements client sockets. A socket is an endpoint for //
-// communication between two machines. //
-// The actual work is done via the TSystem class (either TUnixSystem //
-// or TWinNTSystem). //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TSocket.cxx
+\class TSocket
+\brief This class implements client sockets.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+
+A socket is an endpoint for communication between two machines. The actual work is done via the TSystem class (either
+TUnixSystem or TWinNTSystem).
+
+**/
 #include "Bytes.h"
 #include "Compression.h"
@@ -36,6 +37,7 @@
 #include "TStreamerInfo.h"
 #include "TProcessID.h"
+#include
 ULong64_t TSocket::fgBytesSent = 0;
 ULong64_t TSocket::fgBytesRecv = 0;
@@ -829,6 +831,11 @@ Int_t TSocket::Recv(TMessage *&mess)
 }
 len = net2host(len); //from network to host byte order
+ if (len > (std::numeric_limits::max() - sizeof(decltype(len)))) {
+ Error("Recv", "Buffer length is %u and %u+sizeof(UInt_t) cannot be represented as an UInt_t.", len, len);
+ return -1;
+ }
+
 ResetBit(TSocket::kBrokenConn);
 char *buf = new char[len+sizeof(UInt_t)];
 if ((n = gSystem->RecvRaw(fSocket, buf+sizeof(UInt_t), len, 0)) <= 0) {
diff --git a/net/net/src/TUDPSocket.cxx b/net/net/src/TUDPSocket.cxx
index e116e7a4f7c82..2bc0ec4d94000 100644
--- a/net/net/src/TUDPSocket.cxx
+++ b/net/net/src/TUDPSocket.cxx
@@ -36,6 +36,8 @@
 #include "TStreamerInfo.h"
 #include "TProcessID.h"
+#include
+
 ULong64_t TUDPSocket::fgBytesSent = 0;
 ULong64_t TUDPSocket::fgBytesRecv = 0;
@@ -796,6 +798,11 @@ Int_t TUDPSocket::Recv(TMessage *&mess)
 }
 len = net2host(len); //from network to host byte order
+ if (len > (std::numeric_limits::max() - sizeof(decltype(len)))) {
+ Error("Recv", "Buffer length is %u and %u+sizeof(UInt_t) cannot be represented as an UInt_t.", len, len);
+ return -1;
+ }
+
 ResetBit(TUDPSocket::kBrokenConn);
 char *buf = new char[len+sizeof(UInt_t)];
 if ((n = gSystem->RecvRaw(fSocket, buf+sizeof(UInt_t), len, 0)) <= 0) {
From 4a112e621d99062e08a8f6f36f9014458566bf5f Mon Sep 17 00:00:00 2001
From: Danilo Piparo
Date: Mon, 6 Apr 2026 11:32:34 +0200
Subject: [PATCH 2/2] [net][nfc] Refurbish documentation making it visible to Doxygen (cherry picked from commit 3afa664c514bca88abea8e72a9cec25d331cbfb2)
---
 net/net/src/TPServerSocket.cxx | 24 +++++++++++++-----------
 net/net/src/TPSocket.cxx | 24 +++++++++++++-----------
 net/net/src/TSSLSocket.cxx | 15 ++++++++-------
 net/net/src/TServerSocket.cxx | 26 +++++++++++++++-----------
 net/net/src/TUDPSocket.cxx | 20 ++++++++++----------
 5 files changed, 59 insertions(+), 50 deletions(-)
diff --git a/net/net/src/TPServerSocket.cxx b/net/net/src/TPServerSocket.cxx
index fc4819287306e..5e019c893043a 100644
--- a/net/net/src/TPServerSocket.cxx
+++ b/net/net/src/TPServerSocket.cxx
@@ -9,17 +9,19 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TPServerSocket //
-// //
-// This class implements parallel server sockets. A parallel server //
-// socket waits for requests to come in over the network. It performs //
-// some operation based on that request and then possibly returns a //
-// full duplex parallel socket to the requester. The actual work is //
-// done via the TSystem class (either TUnixSystem or TWinNTSystem). //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TPServerSocket.cxx
+\class TPServerSocket
+\brief This class implements parallel server sockets.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+
+This class implements parallel server sockets. A parallel server
+socket waits for requests to come in over the network. It performs
+some operation based on that request and then possibly returns a
+full duplex parallel socket to the requester. The actual work is
+done via the TSystem class (either TUnixSystem or TWinNTSystem).
+**/
 #include "TPServerSocket.h"
 #include "TROOT.h"
diff --git a/net/net/src/TPSocket.cxx b/net/net/src/TPSocket.cxx
index 467d86049cc67..a2ae958824d6b 100644
--- a/net/net/src/TPSocket.cxx
+++ b/net/net/src/TPSocket.cxx
@@ -9,17 +9,19 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TPSocket //
-// //
-// This class implements parallel client sockets. A parallel socket is //
-// an endpoint for communication between two machines. It is parallel //
-// because several TSockets are open at the same time to the same //
-// destination. This especially speeds up communication over Big Fat //
-// Pipes (i.e. high bandwidth, high latency WAN connections). //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TPSocket.cxx
+\class TPSocket
+\brief This class implements parallel server sockets.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+
+A parallel socket is an endpoint for communication between two machines. It is parallel
+because several TSockets are open at the same time to the same
+destination. This especially speeds up communication over Big Fat
+Pipes (i.e. high bandwidth, high latency WAN connections).
+
+**/
 #include "TPSocket.h"
 #include "TUrl.h"
diff --git a/net/net/src/TSSLSocket.cxx b/net/net/src/TSSLSocket.cxx
index e3210fc64d30a..53417fc6744a2 100644
--- a/net/net/src/TSSLSocket.cxx
+++ b/net/net/src/TSSLSocket.cxx
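Review bot: The new `\brief` for TPSocket reads "This class implements parallel server sockets.", but the comment it replaces described parallel client sockets. The server wording matches the brief added to TPServerSocket.cxx, so this looks like a copy-paste slip. Suggest `\brief This class implements parallel client sockets.` so the generated Doxygen page does not mislabel the class.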
@@ -9,13 +9,14 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TSSLSocket //
-// //
-// A TSocket wrapped in by SSL. //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TSSLSocket.cxx
+\class TSSLSocket
+\brief A TSocket wrapped in by SSL.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+**/
+
 #include
 #include "TSSLSocket.h"
diff --git a/net/net/src/TServerSocket.cxx b/net/net/src/TServerSocket.cxx
index 6f2da016993d3..8342d45a59962 100644
--- a/net/net/src/TServerSocket.cxx
+++ b/net/net/src/TServerSocket.cxx
@@ -9,17 +9,21 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TServerSocket //
-// //
-// This class implements server sockets. A server socket waits for //
-// requests to come in over the network. It performs some operation //
-// based on that request and then possibly returns a full duplex socket //
-// to the requester. The actual work is done via the TSystem class //
-// (either TUnixSystem or TWinNTSystem). //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TServerSocket.cxx
+\class TServerSocket
+\brief This class implements server sockets.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+
+This class implements server sockets. A server socket waits for
+requests to come in over the network. It performs some operation
+based on that request and then possibly returns a full duplex socket
+to the requester. The actual work is done via the TSystem class
+(either TUnixSystem or TWinNTSystem).
+
+**/
+
 #include "TServerSocket.h"
 #include "TSocket.h"
diff --git a/net/net/src/TUDPSocket.cxx b/net/net/src/TUDPSocket.cxx
index 2bc0ec4d94000..874e53bdf2519 100644
--- a/net/net/src/TUDPSocket.cxx
+++ b/net/net/src/TUDPSocket.cxx
@@ -9,16 +9,16 @@
 * For the list of contributors see $ROOTSYS/README/CREDITS. *
 *************************************************************************/
-//////////////////////////////////////////////////////////////////////////
-// //
-// TUDPSocket //
-// //
-// This class implements UDP client sockets. A socket is an endpoint //
-// for communication between two machines. //
-// The actual work is done via the TSystem class (either TUnixSystem //
-// or TWinNTSystem). //
-// //
-//////////////////////////////////////////////////////////////////////////
+/**
+\file TUDPSocket.cxx
+\class TUDPSocket
+\brief This class implements UDP client sockets.
+\note This class deals with sockets: the user is entirely responsible for the security of their usage, for example, but
+not limited to, the management of the connections to said sockets.
+
+A socket is an endpoint for communication between two machines. The actual work is done via the TSystem class (either
+TUnixSystem or TWinNTSystem).
+**/
 #include "Bytes.h"
 #include "Compression.h"