authorDimitri Staessens <[email protected]>2022-03-07 18:15:58 +0100
committerSander Vrijders <[email protected]>2022-03-08 17:40:18 +0100
commita7032da6bbe875596ea1cb348a747123cda7d408 (patch)
treee6b00543a4199294c06d6bfb42bd1afb293b729d
parent2db119dd5c3e9a1ffc1360bde181a030c08bfce2 (diff)
ipcpd: Fix memcpy with NULL in piggyback API
If there is no piggyback data, memcpy was passed a NULL pointer in memcpy(buf, NULL, 0) calls, which is undefined behaviour. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
-rw-r--r--src/ipcpd/eth/eth.c6
-rw-r--r--src/ipcpd/udp/main.c6
-rw-r--r--src/ipcpd/unicast/fa.c6
-rw-r--r--src/irmd/main.c8
4 files changed, 17 insertions, 9 deletions
diff --git a/src/ipcpd/eth/eth.c b/src/ipcpd/eth/eth.c
index f62bd0a7..25f42fc8 100644
--- a/src/ipcpd/eth/eth.c
+++ b/src/ipcpd/eth/eth.c
@@ -496,7 +496,8 @@ static int eth_ipcp_alloc(const uint8_t * dst_addr,
msg->timeout = hton32(qs.timeout);
memcpy(msg + 1, hash, ipcp_dir_hash_len());
- memcpy(buf + len + ETH_HEADER_TOT_SIZE, data, dlen);
+ if (dlen > 0)
+ memcpy(buf + len + ETH_HEADER_TOT_SIZE, data, dlen);
ret = eth_ipcp_send_frame(dst_addr,
#if defined(BUILD_ETH_DIX)
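Review bot: The new guard in eth_ipcp_alloc tests only `dlen`, so a caller that passes `data == NULL` together with a non-zero `dlen` still reaches memcpy with a NULL source. Stating the contract next to the guard, for example `assert(data != NULL || dlen == 0);`, would catch that in debug builds. Silently skipping the copy in that case would be worse, because the frame appears to be sent with the full length and would then carry uninitialised buffer bytes onto the wire. The same applies to the length-only guards in eth_ipcp_alloc_resp, ipcp_udp_port_alloc, ipcp_udp_port_alloc_resp, fa_alloc, fa_alloc_resp, flow_req_arr and flow_alloc_reply. The function body starts and ends outside the hunk.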
@@ -542,7 +543,8 @@ static int eth_ipcp_alloc_resp(uint8_t * dst_addr,
#endif
msg->response = response;
- memcpy(msg + 1, data, len);
+ if (len > 0)
+ memcpy(msg + 1, data, len);
if (eth_ipcp_send_frame(dst_addr,
#if defined(BUILD_ETH_DIX)
diff --git a/src/ipcpd/udp/main.c b/src/ipcpd/udp/main.c
index 3b354ceb..7def856b 100644
--- a/src/ipcpd/udp/main.c
+++ b/src/ipcpd/udp/main.c
@@ -222,7 +222,8 @@ static int ipcp_udp_port_alloc(const struct sockaddr_in * r_saddr,
msg->timeout = hton32(qs.timeout);
memcpy(msg + 1, dst, ipcp_dir_hash_len());
- memcpy(buf + len, data, dlen);
+ if (dlen > 0)
+ memcpy(buf + len, data, dlen);
if (sendto(udp_data.s_fd, msg, len + dlen,
SENDTO_FLAGS,
@@ -255,7 +256,8 @@ static int ipcp_udp_port_alloc_resp(const struct sockaddr_in * r_saddr,
msg->d_eid = hton32(d_eid);
msg->response = response;
- memcpy(msg + 1, data, len);
+ if (len > 0)
+ memcpy(msg + 1, data, len);
if (sendto(udp_data.s_fd, msg, sizeof(*msg) + len,
SENDTO_FLAGS,
diff --git a/src/ipcpd/unicast/fa.c b/src/ipcpd/unicast/fa.c
index eb467a90..508f2d73 100644
--- a/src/ipcpd/unicast/fa.c
+++ b/src/ipcpd/unicast/fa.c
@@ -847,7 +847,8 @@ int fa_alloc(int fd,
msg->timeout = hton32(qs.timeout);
memcpy(msg + 1, dst, ipcp_dir_hash_len());
- memcpy(shm_du_buff_head(sdb) + len, data, dlen);
+ if (dlen > 0)
+ memcpy(shm_du_buff_head(sdb) + len, data, dlen);
if (dt_write_packet(addr, qc, fa.eid, sdb)) {
ipcp_sdb_release(sdb);
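Review bot: fa_alloc is not static, and nothing in the hunk documents that `data` may be NULL only when `dlen` is 0, which is the contract the new guard relies on. A one-line comment above the guard, `/* data may be NULL when there is no piggyback data (dlen == 0) */`, would record that for callers. The function starts and ends outside the hunk, so an existing header comment may already cover this.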
@@ -897,7 +898,8 @@ int fa_alloc_resp(int fd,
msg->s_eid = hton64(flow->s_eid);
msg->response = response;
- memcpy(msg + 1, data, len);
+ if (len > 0)
+ memcpy(msg + 1, data, len);
if (response < 0) {
fa_flow_fini(flow);
diff --git a/src/irmd/main.c b/src/irmd/main.c
index fdbc25a7..fab9497d 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1698,8 +1698,8 @@ static int flow_req_arr(pid_t pid,
}
f->len = len;
-
- memcpy(f->data, data, len);
+ if (len > 0)
+ memcpy(f->data, data, len);
}
list_add(&f->next, &irmd.irm_flows);
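Review bot: The closing brace right after the new guard in flow_req_arr suggests the copy already sits inside a conditional block that opens outside the hunk. If that block is itself conditioned on `len` being non-zero, the added `if (len > 0)` is redundant here and a short comment would serve better. The hunk also drops the blank line between `f->len = len;` and the copy, while flow_alloc_reply gains a blank line after the same guard. Keeping one layout for all eight guards makes them easier to grep and audit.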
@@ -1764,7 +1764,9 @@ static int flow_alloc_reply(int flow_id,
return -1;
}
- memcpy(f->data, data, len);
+ if (len > 0)
+ memcpy(f->data, data, len);
+
f->len = len;
pthread_rwlock_unlock(&irmd.flows_lock);
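Review bot: The `return -1;` error path directly above the guard in flow_alloc_reply presumably belongs to the allocation of `f->data`, which lies outside the hunk. If that allocation is sized by `len`, a zero `len` needs the same care as the memcpy, since malloc(0) may legitimately return NULL and a reply without piggyback data would then be rejected. Consider making the allocation and its NULL check conditional on `len > 0` as well, and setting `f->data = NULL` otherwise. This is inferred from the context lines only, so confirm against the full function.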