diff options
| author | Stefan Metzmacher <metze@samba.org> | 2020-06-08 14:18:44 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2020-06-22 16:45:42 +0200 |
| commit | 64cee569a77e9d9d92e0dc0d2793536c9fb4a45e (patch) | |
| tree | 1a3456c38769d3bba838f804fbc01dc2126b15c3 /src | |
| parent | 309103f464af19d6190f89de959c6dc41ba58c85 (diff) | |
| download | socket_wrapper-64cee569a77e9d9d92e0dc0d2793536c9fb4a45e.tar.gz socket_wrapper-64cee569a77e9d9d92e0dc0d2793536c9fb4a45e.tar.xz socket_wrapper-64cee569a77e9d9d92e0dc0d2793536c9fb4a45e.zip | |
socket_wrapper.c: make FIONREAD handling more robust in swrap_vioctl()
We should only dereference the va args when the kernel already checked
they are valid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c95b7cb1d7b9348472276edceff71889aa676d25)
Diffstat (limited to 'src')
| -rw-r--r-- | src/socket_wrapper.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c index 1b80204..fe67285 100644 --- a/src/socket_wrapper.c +++ b/src/socket_wrapper.c @@ -4726,7 +4726,7 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va) { struct socket_info *si = find_socket_info(s); va_list ap; - int value; + int *value_ptr = NULL; int rc; if (!si) { @@ -4741,11 +4741,13 @@ static int swrap_vioctl(int s, unsigned long int r, va_list va) switch (r) { case FIONREAD: - value = *((int *)va_arg(ap, int *)); + if (rc == 0) { + value_ptr = ((int *)va_arg(ap, int *)); + } if (rc == -1 && errno != EAGAIN && errno != ENOBUFS) { swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0); - } else if (value == 0) { /* END OF FILE */ + } else if (value_ptr != NULL && *value_ptr == 0) { /* END OF FILE */ swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0); } break; |