From 06dd701eb71016feafd57bf58baa6dfdaa2cea9a Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 12 Jan 2009 16:00:03 +0000
Subject: * ext/socket/socket.c (sock_s_unpack_sockaddr_in): check too short  
 sockaddr.   (sock_s_unpack_sockaddr_un): ditto.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@21469 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/socket/socket.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ext')

diff --git a/ext/socket/socket.c b/ext/socket/socket.c
index b161f038f..098fd3a8c 100644
--- a/ext/socket/socket.c
+++ b/ext/socket/socket.c
@@ -4328,6 +4328,11 @@ sock_s_unpack_sockaddr_in(VALUE self, VALUE addr)
     VALUE host;
 
     sockaddr = (struct sockaddr_in*)SockAddrStringValuePtr(addr);
+    if (RSTRING_LEN(addr) <
+        (char*)&((struct sockaddr *)sockaddr)->sa_family +
+        sizeof(((struct sockaddr *)sockaddr)->sa_family) -
+        (char*)sockaddr)
+        rb_raise(rb_eArgError, "too short sockaddr");
     if (((struct sockaddr *)sockaddr)->sa_family != AF_INET
 #ifdef INET6
         && ((struct sockaddr *)sockaddr)->sa_family != AF_INET6
@@ -4397,6 +4402,11 @@ sock_s_unpack_sockaddr_un(VALUE self, VALUE addr)
     VALUE path;
 
     sockaddr = (struct sockaddr_un*)SockAddrStringValuePtr(addr);
+    if (RSTRING_LEN(addr) <
+        (char*)&((struct sockaddr *)sockaddr)->sa_family +
+        sizeof(((struct sockaddr *)sockaddr)->sa_family) -
+        (char*)sockaddr)
+        rb_raise(rb_eArgError, "too short sockaddr");
     if (((struct sockaddr *)sockaddr)->sa_family != AF_UNIX) {
         rb_raise(rb_eArgError, "not an AF_UNIX sockaddr");
     }
-- 
cgit