author | Rodrigo Kumpera <kumpera@gmail.com> | 2012-11-29 02:04:27 +0400 |
---|---|---|
committer | Rodrigo Kumpera <kumpera@gmail.com> | 2012-11-29 03:23:13 +0400 |
commit | 4d9ada68b5e2c99d82495a816d35180e4a92b7e3 (patch) | |
tree | 63f67e2237bdc4912a0eac40e26eee03afc41695 | |
parent | 2209daad1c2fcfdfdd7117c710e01c58e0027d32 (diff) |
Make sure we don't corrupt the heap when serializing a unix domain socketaddr.2.10.10
* socket-io.c (create_object_from_sockaddr): The resulting array size must
be two bytes larger than the sockaddr one since we always serialize the family
kind at the beginning.
This fixes a crash on MD-linux-amd64-mono-sgen-3.0 running unit tests.
-rw-r--r-- | mono/metadata/socket-io.c | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/mono/metadata/socket-io.c b/mono/metadata/socket-io.c
index 09d0a3e27eb..200f79d379f 100644
--- a/mono/metadata/socket-io.c
+++ b/mono/metadata/socket-io.c
@@ -922,20 +922,11 @@ static MonoObject *create_object_from_sockaddr(struct sockaddr *saddr,
 g_assert (domain->sockaddr_data_field);
 }
- /* Make sure there is space for the family and size bytes */
-#ifdef HAVE_SYS_UN_H
- if (saddr->sa_family == AF_UNIX) {
- /* sa_len includes the entire sockaddr size, so we don't need the
- * N bytes (sizeof (unsigned short)) of the family. */
- data=mono_array_new_cached(domain, mono_get_byte_class (), sa_size);
- } else
-#endif
- {
- /* May be the +2 here is too conservative, as sa_len returns
- * the length of the entire sockaddr_in/in6, including
- * sizeof (unsigned short) of the family */
- data=mono_array_new_cached(domain, mono_get_byte_class (), sa_size+2);
- }
+ /* May be the +2 here is too conservative, as sa_len returns
+ * the length of the entire sockaddr_in/in6, including
+ * sizeof (unsigned short) of the family */
+ /* We can't really avoid the +2 as all code below depends on this size - INCLUDING unix domain sockets.*/
+ data=mono_array_new_cached(domain, mono_get_byte_class (), sa_size+2);
 /* The data buffer is laid out as follows:
 * bytes 0 and 1 are the address family |
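Review bot: The retained comment `May be the +2 here is too conservative` now sits directly above the added comment saying the +2 cannot be avoided, and as written it invites the same trimming that this commit undoes for AF_UNIX. I would replace both with one statement of the invariant, e.g. `/* Always sa_size + 2: bytes 0 and 1 hold the address family and every branch below writes from offset 2, AF_UNIX included. */`. The writers that depend on this size are below the hunk and not visible here, so the bound is enforced by comment only; if they index as the commit message implies, a `g_assert` on the index against the array length in each branch would make a future mismatch fail loudly instead of corrupting the heap. The body of create_object_from_sockaddr starts and ends outside the hunk.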