svn rev #21747: trunk/src/ kadmin/server/ kdc/

raeburn@MIT.EDU raeburn at MIT.EDU
Wed Jan 14 16:29:13 EST 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=21747
Commit By: raeburn
Log Message:
If recv_from_to is passed a buffer for the local endpoint address,
clobber it before doing anything else, just in case we can't retrieve
the address and the caller blindly uses the buffer anyways.


Changed Files:
U   trunk/src/kadmin/server/network.c
U   trunk/src/kdc/network.c
Modified: trunk/src/kadmin/server/network.c
===================================================================
--- trunk/src/kadmin/server/network.c	2009-01-14 20:05:09 UTC (rev 21746)
+++ trunk/src/kadmin/server/network.c	2009-01-14 21:29:10 UTC (rev 21747)
@@ -1146,8 +1146,13 @@
 	     struct sockaddr *to, socklen_t *tolen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
-    if (to && tolen)
+    if (to && tolen) {
+	/* Clobber with something recognizeable in case we try to use
+	   the address.  */
+	memset(to, 0x40, *tolen);
 	*tolen = 0;
+    }
+
     return recvfrom(s, buf, len, flags, from, fromlen);
 #else
     int r;
@@ -1159,6 +1164,10 @@
     if (!to || !tolen)
 	return recvfrom(s, buf, len, flags, from, fromlen);
 
+    /* Clobber with something recognizeable in case we can't extract
+       the address but try to use it anyways.  */
+    memset(to, 0x40, *tolen);
+
     iov.iov_base = buf;
     iov.iov_len = len;
     memset(&msg, 0, sizeof(msg));

Modified: trunk/src/kdc/network.c
===================================================================
--- trunk/src/kdc/network.c	2009-01-14 20:05:09 UTC (rev 21746)
+++ trunk/src/kdc/network.c	2009-01-14 21:29:10 UTC (rev 21747)
@@ -1004,8 +1004,12 @@
 	     struct sockaddr *to, socklen_t *tolen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
-    if (to && tolen)
+    if (to && tolen) {
+	/* Clobber with something recognizeable in case we try to use
+	   the address.  */
+	memset(to, 0x40, *tolen);
 	*tolen = 0;
+    }
     return recvfrom(s, buf, len, flags, from, fromlen);
 #else
     int r;
@@ -1017,6 +1021,10 @@
     if (!to || !tolen)
 	return recvfrom(s, buf, len, flags, from, fromlen);
 
+    /* Clobber with something recognizeable in case we can't extract
+       the address but try to use it anyways.  */
+    memset(to, 0x40, *tolen);
+
     iov.iov_base = buf;
     iov.iov_len = len;
     memset(&msg, 0, sizeof(msg));

More information about the cvs-krb5 mailing list