authorWilliam Jon McCann <mccann@jhu.edu>2007-10-15 14:20:43 +0000
committerWilliam Jon McCann <mccann@src.gnome.org>2007-10-15 14:20:43 +0000
commitf0491fe99ec8e012713d302ff4e3239a5af61fc5 (patch)
treebe048bfdec3135b0777ed5ffa242485cca9a8380 /daemon/gdm-xdmcp-display-factory.c
parent225d1bf9d3704e48a7e1d8ba2b6e109424bc5fca (diff)
downloadgdm-f0491fe99ec8e012713d302ff4e3239a5af61fc5.tar.gz
The function gdm_address_new_from_sockaddr_storage gets called in a fewPOST_SWITCH_TO_GOBJECT_BRANCH
2007-10-15 William Jon McCann <mccann@jhu.edu> * common/gdm-address.c: (gdm_address_new_from_sockaddr), (gdm_address_peek_local_list): * common/gdm-address.h: * daemon/gdm-xdmcp-display-factory.c: (do_bind), (create_address_from_request), (decode_packet): * gui/simple-chooser/gdm-host-chooser-widget.c: (decode_packet), (find_broadcast_addresses), (add_hosts): The function gdm_address_new_from_sockaddr_storage gets called in a few places with socket addresses that aren't necessarily sockaddr_storage bytes big (all the places that call getaddrinfo). This results in the memdup call in that function potentially copying out-of-bounds bytes. Patch from: Ray Strode <halfline@gmail.com> svn path=/branches/mccann-gobject/; revision=5360
Diffstat (limited to 'daemon/gdm-xdmcp-display-factory.c')
-rw-r--r--daemon/gdm-xdmcp-display-factory.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/daemon/gdm-xdmcp-display-factory.c b/daemon/gdm-xdmcp-display-factory.c
index 3bea1829..71ef728c 100644
--- a/daemon/gdm-xdmcp-display-factory.c
+++ b/daemon/gdm-xdmcp-display-factory.c
@@ -446,7 +446,7 @@ do_bind (guint port,
char *serv;
GdmAddress *addr;
- addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+ addr = gdm_address_new_from_sockaddr (ai->ai_addr, ai->ai_addrlen);
host = NULL;
serv = NULL;
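Review bot: The result of `gdm_address_new_from_sockaddr (ai->ai_addr, ai->ai_addrlen)` is not checked in the lines visible here, whereas decode_packet in the third hunk tests `address == NULL` after the same call. If the length-taking constructor rejects a length that does not match the address family (its definition is in common/gdm-address.c and not shown, so this is inferred), `addr` could be NULL when the code below uses it; do_bind continues outside the hunk. The same applies in create_address_from_request, where `found = TRUE` is set before the conversion, so a caller may be told an address was found while `*address` is NULL. There I would add `if (*address == NULL) found = FALSE;` right after the assignment, and in do_bind an `if (addr == NULL)` guard before the first use.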
@@ -1356,7 +1356,7 @@ create_address_from_request (ARRAY8 *req_addr,
if (ai != NULL) {
found = TRUE;
if (address != NULL) {
- *address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+ *address = gdm_address_new_from_sockaddr (ai->ai_addr, ai->ai_addrlen);
}
}
@@ -2629,7 +2629,7 @@ decode_packet (GIOChannel *source,
return TRUE;
}
- address = gdm_address_new_from_sockaddr_storage (&clnt_ss);
+ address = gdm_address_new_from_sockaddr ((struct sockaddr *) &clnt_ss, ss_len);
if (address == NULL) {
g_warning (_("XMDCP: Unable to parse address"));
return TRUE;
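Review bot: `ss_len` is now the number of bytes copied out of `clnt_ss`, so the call is only in bounds if `ss_len` holds the length the receive path actually filled in and never exceeds `sizeof (clnt_ss)`. Where `ss_len` is declared, initialised and updated is outside this hunk, so that cannot be confirmed from here. I would either document that invariant with a comment above the call, such as `/* ss_len was set by the receive call and is <= sizeof (clnt_ss) */`, or enforce it with `if (ss_len <= 0 || (gsize) ss_len > sizeof (clnt_ss)) return TRUE;` before the conversion. The existing `address == NULL` check is worth keeping, since it is the only place a malformed peer address from the network is rejected here.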