sergiotarxz/nuttx-apps
sergiotarxz/nuttx-apps
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

usrsock:fix stack-buffer-overflow issue when running basic_send test case

Browse Source 
The following error was reported when runing usrsocktest with KASAN check enabled.
    ==1348590==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xf20ec610 at pc 0x56ac61ba bp 0xf20ec278 sp 0xf20ec268

rootcause:
hdrbuf's size is not large enough to store the data in usrsock's request.

solution:
double herbuf's size to make sure the space, used to store usrsock's request, is enough.

Signed-off-by: liangchaozhong <liangchaozhong@xiaomi.com>
This commit is contained in:
liangchaozhong 2022-10-21 10:12:04 +08:00 committed by Xiang Xiao
parent 2717ba4f88
commit ffab06c6c5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
examples/usrsocktest/usrsocktest_daemon.c
View File

@ -1579,7 +1579,7 @@ static int handle_usrsock_request(int fd, FAR struct daemon_priv_s *priv)
}, },
}; };
uint8_t hdrbuf[16]; uint8_t hdrbuf[32];
FAR struct usrsock_request_common_s *common_hdr = (FAR void *)hdrbuf; FAR struct usrsock_request_common_s *common_hdr = (FAR void *)hdrbuf;
ssize_t rlen; ssize_t rlen;
@ -1601,7 +1601,8 @@ static int handle_usrsock_request(int fd, FAR struct daemon_priv_s *priv)
return -EIO; return -EIO;
} }
assert(handlers[common_hdr->reqid].hdrlen < sizeof(hdrbuf)); assert(handlers[common_hdr->reqid].hdrlen <
(sizeof(hdrbuf) - sizeof(*common_hdr)));
rlen = read_req(fd, common_hdr, hdrbuf, rlen = read_req(fd, common_hdr, hdrbuf,
handlers[common_hdr->reqid].hdrlen); handlers[common_hdr->reqid].hdrlen);