aboutsummaryrefslogtreecommitdiff
path: root/debug
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2005-03-06 21:25:22 +0000
committerUlrich Drepper <drepper@redhat.com>2005-03-06 21:25:22 +0000
commit84c33ccbbe045d3b074d63504b4d5fad4dc253e6 (patch)
tree3fb35293bf8aa59953b42182606de71fd65cd4f3 /debug
parent5dc2883e54cd2ceec387d6fb3b889f86b9831a87 (diff)
downloadglibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.zip
glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.gz
glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.bz2
* debug/recv_chk.c (__recv_chk): Always fail if request could
overflow the buffer. * debug/recvfrom_chk.c (__recvfrom_chk): Likewise.
Diffstat (limited to 'debug')
-rw-r--r--debug/recv_chk.c9
-rw-r--r--debug/recvfrom_chk.c10
2 files changed, 6 insertions, 13 deletions
diff --git a/debug/recv_chk.c b/debug/recv_chk.c
index 7a49d17..479ebdf 100644
--- a/debug/recv_chk.c
+++ b/debug/recv_chk.c
@@ -23,11 +23,8 @@
ssize_t
__recv_chk (int fd, void *buf, size_t n, size_t buflen, int flags)
{
- /* In case N is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
- ssize_t nrecv = __recv (fd, buf, MIN (n, buflen + 1), flags);
- if (nrecv > 0 && (size_t) nrecv > buflen)
+ if (n > buflen)
__chk_fail ();
- return nrecv;
+
+ return __recv (fd, buf, n, flags);
}
diff --git a/debug/recvfrom_chk.c b/debug/recvfrom_chk.c
index e1b1da7..9790a15 100644
--- a/debug/recvfrom_chk.c
+++ b/debug/recvfrom_chk.c
@@ -24,12 +24,8 @@ ssize_t
__recvfrom_chk (int fd, void *buf, size_t n, size_t buflen, int flags,
__SOCKADDR_ARG addr, socklen_t *addr_len)
{
- /* In case N is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
- ssize_t nrecv = __recvfrom (fd, buf, MIN (n, buflen + 1), flags,
- addr, addr_len);
- if (nrecv > 0 && (size_t) nrecv > buflen)
+ if (n > buflen)
__chk_fail ();
- return nrecv;
+
+ return __recvfrom (fd, buf, n, flags, addr, addr_len);
}