From 976e08fab4a7829e9fe1dc5fe8ee7b96862307a6 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Wed, 14 Jan 2009 21:29:10 +0000 Subject: [PATCH] If recv_from_to is passed a buffer for the local endpoint address, clobber it before doing anything else, just in case we can't retrieve the address and the caller blindly uses the buffer anyways. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21747 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/network.c | 11 ++++++++++- src/kdc/network.c | 10 +++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c index 14cfd46ad..8382b7350 100644 --- a/src/kadmin/server/network.c +++ b/src/kadmin/server/network.c @@ -1146,8 +1146,13 @@ recv_from_to(int s, void *buf, size_t len, int flags, struct sockaddr *to, socklen_t *tolen) { #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE) - if (to && tolen) + if (to && tolen) { + /* Clobber with something recognizeable in case we try to use + the address. */ + memset(to, 0x40, *tolen); *tolen = 0; + } + return recvfrom(s, buf, len, flags, from, fromlen); #else int r; @@ -1159,6 +1164,10 @@ recv_from_to(int s, void *buf, size_t len, int flags, if (!to || !tolen) return recvfrom(s, buf, len, flags, from, fromlen); + /* Clobber with something recognizeable in case we can't extract + the address but try to use it anyways. */ + memset(to, 0x40, *tolen); + iov.iov_base = buf; iov.iov_len = len; memset(&msg, 0, sizeof(msg)); diff --git a/src/kdc/network.c b/src/kdc/network.c index 56799522c..fffaa1e78 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -1004,8 +1004,12 @@ recv_from_to(int s, void *buf, size_t len, int flags, struct sockaddr *to, socklen_t *tolen) { #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE) - if (to && tolen) + if (to && tolen) { + /* Clobber with something recognizeable in case we try to use + the address. */ + memset(to, 0x40, *tolen); *tolen = 0; + } return recvfrom(s, buf, len, flags, from, fromlen); #else int r; @@ -1017,6 +1021,10 @@ recv_from_to(int s, void *buf, size_t len, int flags, if (!to || !tolen) return recvfrom(s, buf, len, flags, from, fromlen); + /* Clobber with something recognizeable in case we can't extract + the address but try to use it anyways. */ + memset(to, 0x40, *tolen); + iov.iov_base = buf; iov.iov_len = len; memset(&msg, 0, sizeof(msg)); -- 2.26.2