mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 00:48:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-35050: AF_ALG length check off-by-one error (GH-10058)

Browse source 
The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.

Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
Christian Heimes 2018-12-10 11:22:37 +01:00 committed by Victor Stinner
parent 8e04186889
commit 2eb6ad8578
3 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Modules/socketmodule.c
View file

@ -2245,13 +2245,15 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args,
{
return 0;
}
/* sockaddr_alg has fixed-sized char arrays for type and name */
if (strlen(type) > sizeof(sa->salg_type)) {
/* sockaddr_alg has fixed-sized char arrays for type, and name
* both must be NULL terminated.
*/
if (strlen(type) >= sizeof(sa->salg_type)) {
PyErr_SetString(PyExc_ValueError, "AF_ALG type too long.");
return 0;
}
strncpy((char *)sa->salg_type, type, sizeof(sa->salg_type));
if (strlen(name) > sizeof(sa->salg_name)) {
if (strlen(name) >= sizeof(sa->salg_name)) {
PyErr_SetString(PyExc_ValueError, "AF_ALG name too long.");
return 0;
}