summaryrefslogtreecommitdiff
path: root/src/basic
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2018-08-22 12:33:27 +0900
committerSven Eden <sven.eden@prydeworx.com>2018-10-29 10:18:25 +0100
commitb18cff1a304aa74e35db7775edeb9e681e44559c (patch)
tree7f7be86a8ec12f46a9d0a575484aa5931517e063 /src/basic
parentd07ba72570dd5624913701fecf3244e1fa5c1438 (diff)
util: do not use stack frame for parsing arbitrary inputs
This replaces strndupa() by strndup() in socket_address_parse(), as input string may be too long. Fixes issue 10007 by ClusterFuzz-External: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007 (cherry picked from commit 8d30fcb9b51b1d102a589171b6e28f5f370236f6)
Diffstat (limited to 'src/basic')
-rw-r--r--src/basic/socket-util.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 7958e815b..091720afb 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -53,6 +53,8 @@ DEFINE_STRING_TABLE_LOOKUP(socket_address_type, int);
int socket_address_parse(SocketAddress *a, const char *s) {
char *e, *n;
unsigned u;
+ _cleanup_free_ char *n = NULL;
+ char *e;
int r;
assert(a);
@@ -71,6 +73,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
return -EINVAL;
n = strndupa(s+1, e-s-1);
+ n = strndup(s+1, e-s-1);
+ if (!n)
+ return -ENOMEM;
errno = 0;
if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0)
@@ -134,6 +139,10 @@ int socket_address_parse(SocketAddress *a, const char *s) {
return r;
n = strndupa(cid_start, e - cid_start);
+ n = strndup(cid_start, e - cid_start);
+ if (!n)
+ return -ENOMEM;
+
if (!isempty(n)) {
r = safe_atou(n, &a->sockaddr.vm.svm_cid);
if (r < 0)
@@ -160,6 +169,9 @@ int socket_address_parse(SocketAddress *a, const char *s) {
return -EINVAL;
n = strndupa(s, e-s);
+ n = strndup(s, e-s);
+ if (!n)
+ return -ENOMEM;
/* IPv4 in w.x.y.z:p notation? */
r = inet_pton(AF_INET, n, &a->sockaddr.in.sin_addr);