common: Add mandatory length field to UDP receive calls
Current UDP receive reads up to MAX_UDP_LENGTH bytes into the passed in buffer, which may lead to buffer overflow if the write buffer is of insufficient size. Add mandatory length argument to UDP socket receive calls. Reported-by: Simone Margaritelli <simone@zimperium.com> Signed-off-by: Tom Tsou <tom.tsou@ettus.com>
This commit is contained in:
parent
29ef2c82db
commit
cbb5d790e5
22
Sockets.cpp
22
Sockets.cpp
|
@ -199,25 +199,21 @@ int DatagramSocket::send(const struct sockaddr* dest, const char * message)
|
||||||
return send(dest,message,length);
|
return send(dest,message,length);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int DatagramSocket::read(char* buffer, size_t length)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
int DatagramSocket::read(char* buffer)
|
|
||||||
{
|
{
|
||||||
socklen_t temp_len = sizeof(mSource);
|
socklen_t addr_len = sizeof(mSource);
|
||||||
int length = recvfrom(mSocketFD, (void*)buffer, MAX_UDP_LENGTH, 0,
|
int rd_length = recvfrom(mSocketFD, (void *) buffer, length, 0,
|
||||||
(struct sockaddr*)&mSource,&temp_len);
|
(struct sockaddr*) &mSource, &addr_len);
|
||||||
if ((length==-1) && (errno!=EAGAIN)) {
|
|
||||||
|
if ((rd_length==-1) && (errno!=EAGAIN)) {
|
||||||
perror("DatagramSocket::read() failed");
|
perror("DatagramSocket::read() failed");
|
||||||
devassert(0);
|
devassert(0);
|
||||||
throw SocketError();
|
throw SocketError();
|
||||||
}
|
}
|
||||||
return length;
|
return rd_length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int DatagramSocket::read(char* buffer, size_t length, unsigned timeout)
|
||||||
int DatagramSocket::read(char* buffer, unsigned timeout)
|
|
||||||
{
|
{
|
||||||
fd_set fds;
|
fd_set fds;
|
||||||
FD_ZERO(&fds);
|
FD_ZERO(&fds);
|
||||||
|
@ -232,7 +228,7 @@ int DatagramSocket::read(char* buffer, unsigned timeout)
|
||||||
throw SocketError();
|
throw SocketError();
|
||||||
}
|
}
|
||||||
if (sel==0) return -1;
|
if (sel==0) return -1;
|
||||||
if (FD_ISSET(mSocketFD,&fds)) return read(buffer);
|
if (FD_ISSET(mSocketFD,&fds)) return read(buffer, length);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -110,7 +110,7 @@ public:
|
||||||
@param buffer A char[MAX_UDP_LENGTH] procured by the caller.
|
@param buffer A char[MAX_UDP_LENGTH] procured by the caller.
|
||||||
@return The number of bytes received or -1 on non-blocking pass.
|
@return The number of bytes received or -1 on non-blocking pass.
|
||||||
*/
|
*/
|
||||||
int read(char* buffer);
|
int read(char* buffer, size_t length);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Receive a packet with a timeout.
|
Receive a packet with a timeout.
|
||||||
|
@ -118,7 +118,7 @@ public:
|
||||||
@param maximum wait time in milliseconds
|
@param maximum wait time in milliseconds
|
||||||
@return The number of bytes received or -1 on timeout.
|
@return The number of bytes received or -1 on timeout.
|
||||||
*/
|
*/
|
||||||
int read(char* buffer, unsigned timeout);
|
int read(char* buffer, size_t length, unsigned timeout);
|
||||||
|
|
||||||
|
|
||||||
/** Send a packet to a given destination, other than the default. */
|
/** Send a packet to a given destination, other than the default. */
|
||||||
|
|
|
@ -45,7 +45,7 @@ void *testReaderIP(void *)
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
while (rc<gNumToSend) {
|
while (rc<gNumToSend) {
|
||||||
char buf[MAX_UDP_LENGTH];
|
char buf[MAX_UDP_LENGTH];
|
||||||
int count = readSocket.read(buf);
|
int count = readSocket.read(buf, MAX_UDP_LENGTH);
|
||||||
if (count>0) {
|
if (count>0) {
|
||||||
COUT("read: " << buf);
|
COUT("read: " << buf);
|
||||||
rc++;
|
rc++;
|
||||||
|
@ -65,7 +65,7 @@ void *testReaderUnix(void *)
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
while (rc<gNumToSend) {
|
while (rc<gNumToSend) {
|
||||||
char buf[MAX_UDP_LENGTH];
|
char buf[MAX_UDP_LENGTH];
|
||||||
int count = readSocket.read(buf);
|
int count = readSocket.read(buf, MAX_UDP_LENGTH);
|
||||||
if (count>0) {
|
if (count>0) {
|
||||||
COUT("read: " << buf);
|
COUT("read: " << buf);
|
||||||
rc++;
|
rc++;
|
||||||
|
|
Loading…
Reference in New Issue