Fix stack corruption in _find_src_addr
According to man pages for sockaddr, struct sockaddr is not guaranteed to be an equivalent of sockaddr_in6 (28 bytes) and is usually an equivalent of sockaddr_in (16 bytes). Therefore use of sockaddr here may lead to memory corruption (stack corruption as it's stack allocated) when pointer to this 16 byte struct is passed to getsockname() function that will write 28 bytes there and overflow it. We've seen this happening in our setup.

Solution comes from the same sockaddr man page: using struct sockaddr_storage that guarantees to fit any possible address size.

See https://man7.org/linux/man-pages/man3/sockaddr.3type.html

Test: cd packages/modules/DnsResolver && atest
Change-Id: I082dee7b68c6548742465bf0a34eac221401b497
Signed-off-by: Andrei Makeev <amaksoft@meta.com>
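The size mismatch described in the commit message can be checked with the following added example, which is not code from this change or from DnsResolver. The helper names `reported_addr_len` and `is_truncated` are hypothetical, and it assumes the Linux/POSIX behaviour where getsockname() truncates to the length offered and reports the full address length back.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Hypothetical helper (not from the patch): query the local address of a
 * fresh, unbound UDP socket of `family`, offering the kernel only `cap` bytes
 * of a sockaddr_storage buffer. Returns the length the kernel reports, or -1. */
static int reported_addr_len(int family, socklen_t cap)
{
    struct sockaddr_storage ss;   /* large enough for any address family */
    socklen_t len = cap;          /* in: bytes offered, out: bytes needed */
    int fd, rc;

    if (cap > sizeof(ss))
        return -1;                /* never claim more room than the buffer has */
    fd = socket(family, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;                /* e.g. address family unavailable on this host */
    memset(&ss, 0, sizeof(ss));
    rc = getsockname(fd, (struct sockaddr *)&ss, &len);
    close(fd);
    return rc == 0 ? (int)len : -1;
}

/* The address did not fit if the kernel reports more bytes than were offered. */
static int is_truncated(int reported, socklen_t cap)
{
    return reported > (int)cap;
}

int main(void)
{
    socklen_t small = sizeof(struct sockaddr);          /* size of the old buffer type */
    socklen_t big = sizeof(struct sockaddr_storage);    /* size of the new buffer type */
    int r_small = reported_addr_len(AF_INET6, small);
    int r_big = reported_addr_len(AF_INET6, big);

    printf("sizeof: sockaddr=%zu sockaddr_in6=%zu sockaddr_storage=%zu\n",
           sizeof(struct sockaddr), sizeof(struct sockaddr_in6),
           sizeof(struct sockaddr_storage));
    printf("AF_INET6, %u bytes offered: reported=%d truncated=%d\n",
           (unsigned)small, r_small, is_truncated(r_small, small));
    printf("AF_INET6, %u bytes offered: reported=%d truncated=%d\n",
           (unsigned)big, r_big, is_truncated(r_big, big));
    return 0;
}
```

The length argument must always describe the buffer actually passed: the kernel trusts it, so a length larger than the buffer is what turns an oversized address into a stack overwrite.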