1195972f6Sopenharmony_ciFrom d1f9ccd5da1712477f30bf2662e8888395ed95cd Mon Sep 17 00:00:00 2001 2195972f6Sopenharmony_ciFrom: wuchangsheng <wuchangsheng2@huawei.com> 3195972f6Sopenharmony_ciDate: Wed, 21 Jul 2021 20:01:47 +0800 4195972f6Sopenharmony_ciSubject: [PATCH] fix stack-buffer-overflow in lwip_sock_make_addr and 5195972f6Sopenharmony_ci lwip_getaddrname 6195972f6Sopenharmony_ci 7195972f6Sopenharmony_ci--- 8195972f6Sopenharmony_ci src/api/sockets.c | 4 ++++ 9195972f6Sopenharmony_ci 1 file changed, 4 insertions(+) 10195972f6Sopenharmony_ci 11195972f6Sopenharmony_cidiff --git a/src/api/sockets.c b/src/api/sockets.c 12195972f6Sopenharmony_ciindex e640945..7ce9378 100644 13195972f6Sopenharmony_ci--- a/src/api/sockets.c 14195972f6Sopenharmony_ci+++ b/src/api/sockets.c 15195972f6Sopenharmony_ci@@ -1319,6 +1319,8 @@ lwip_sock_make_addr(struct netconn *conn, ip_addr_t *fromaddr, u16_t port, 16195972f6Sopenharmony_ci } else if (*fromlen > saddr.sa.sa_len) { 17195972f6Sopenharmony_ci *fromlen = saddr.sa.sa_len; 18195972f6Sopenharmony_ci } 19195972f6Sopenharmony_ci+#else 20195972f6Sopenharmony_ci+ *fromlen = LWIP_MIN(*fromlen, sizeof(saddr)); 21195972f6Sopenharmony_ci #endif 22195972f6Sopenharmony_ci MEMCPY(from, &saddr, *fromlen); 23195972f6Sopenharmony_ci return truncated; 24195972f6Sopenharmony_ci@@ -3133,6 +3135,8 @@ lwip_getaddrname(int s, struct sockaddr *name, socklen_t *namelen, u8_t local) 25195972f6Sopenharmony_ci if (*namelen > saddr.sa.sa_len) { 26195972f6Sopenharmony_ci *namelen = saddr.sa.sa_len; 27195972f6Sopenharmony_ci } 28195972f6Sopenharmony_ci+#else 29195972f6Sopenharmony_ci+ *namelen = LWIP_MIN(*namelen, sizeof(saddr)); 30195972f6Sopenharmony_ci #endif 31195972f6Sopenharmony_ci MEMCPY(name, &saddr, *namelen); 32195972f6Sopenharmony_ci 33195972f6Sopenharmony_ci-- 34195972f6Sopenharmony_ci2.23.0 35195972f6Sopenharmony_ci 36