Browse Source

Fix invalid read caused by wrong memcpy size.

Valgrind report:

Invalid read of size 8
   at 0x41CCB7: get_socket.constprop.1 (udp.c:81)
   by 0x41CDC7: udp_connect_input (udp.c:102)
   by 0x404BDE: main (tsdecrypt.c:978)
 Address 0x607a410 is 0 bytes after a block of size 64 alloc'd
   at 0x4C2A359: malloc (vg_replace_malloc.c:270)
   by 0x594955C: gaih_inet (in /lib64/libc-2.17.so)
   by 0x594D18C: getaddrinfo (in /lib64/libc-2.17.so)
   by 0x41CB95: get_socket.constprop.1 (udp.c:61)
   by 0x41CDC7: udp_connect_input (udp.c:102)
   by 0x404BDE: main (tsdecrypt.c:978)
Georgi Chorbadzhiyski 10 years ago
parent
commit
4868835da2
1 changed files with 2 additions and 2 deletions
  1. 2
    2
      udp.c

+ 2
- 2
udp.c View File

@@ -72,13 +72,13 @@ static int get_socket(const char *hostname, const char *service, int socktype, s
72 72
 			setsockopt(*sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
73 73
 			set_sock_nonblock(*sock);
74 74
 			if (is_output) {
75
-				memcpy(addr, res->ai_addr, sizeof(*addr));
75
+				memcpy(addr, res->ai_addr, res->ai_addrlen);
76 76
 				*addrlen = res->ai_addrlen;
77 77
 				ret = 0;
78 78
 				break;
79 79
 			}
80 80
 			if (bind(*sock, res->ai_addr, res->ai_addrlen) == 0) {
81
-				memcpy(addr, res->ai_addr, sizeof(*addr));
81
+				memcpy(addr, res->ai_addr, res->ai_addrlen);
82 82
 				*addrlen = res->ai_addrlen;
83 83
 				ret = 0;
84 84
 				break;

Loading…
Cancel
Save