diff options
author | Stefan Metzmacher <metze@samba.org> | 2020-06-08 14:18:44 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2020-06-19 22:59:00 +0200 |
commit | c95b7cb1d7b9348472276edceff71889aa676d25 (patch) | |
tree | 5686ce91a8deace8b394911640b3fa17f924ace0 | |
parent | a37c0175492fb1b35257b785c71dea4e4f6d4750 (diff) | |
download | socket_wrapper-c95b7cb1d7b9348472276edceff71889aa676d25.tar.gz socket_wrapper-c95b7cb1d7b9348472276edceff71889aa676d25.tar.xz socket_wrapper-c95b7cb1d7b9348472276edceff71889aa676d25.zip |
socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl()
We should only dereference the va args when the kernel already checked
they are valid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | src/socket_wrapper.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c index 4fb7b23..e7a7a8a 100644 --- a/src/socket_wrapper.c +++ b/src/socket_wrapper.c @@ -4635,7 +4635,7 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va) { struct socket_info *si = find_socket_info(s); va_list ap; - int value; + int *value_ptr = NULL; int rc; if (!si) { @@ -4650,11 +4650,13 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va) switch (r) { case FIONREAD: - value = *((int *)va_arg(ap, int *)); + if (rc == 0) { + value_ptr = ((int *)va_arg(ap, int *)); + } if (rc == -1 && errno != EAGAIN && errno != ENOBUFS) { swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0); - } else if (value == 0) { /* END OF FILE */ + } else if (value_ptr != NULL && *value_ptr == 0) { /* END OF FILE */ swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0); } break; |