diff options
author | Dimitri Staessens <[email protected]> | 2022-03-07 18:15:58 +0100 |
---|---|---|
committer | Sander Vrijders <[email protected]> | 2022-03-08 17:40:18 +0100 |
commit | a7032da6bbe875596ea1cb348a747123cda7d408 (patch) | |
tree | e6b00543a4199294c06d6bfb42bd1afb293b729d | |
parent | 2db119dd5c3e9a1ffc1360bde181a030c08bfce2 (diff) | |
download | ouroboros-a7032da6bbe875596ea1cb348a747123cda7d408.tar.gz ouroboros-a7032da6bbe875596ea1cb348a747123cda7d408.zip |
ipcpd: Fix memcpy with NULL in piggyback API
If there is no piggyback data, memcpy was passed a NULL pointer in
memcpy(buf, NULL, 0) calls, which is undefined behaviour.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
-rw-r--r-- | src/ipcpd/eth/eth.c | 6 | ||||
-rw-r--r-- | src/ipcpd/udp/main.c | 6 | ||||
-rw-r--r-- | src/ipcpd/unicast/fa.c | 6 | ||||
-rw-r--r-- | src/irmd/main.c | 8 |
4 files changed, 17 insertions, 9 deletions
diff --git a/src/ipcpd/eth/eth.c b/src/ipcpd/eth/eth.c index f62bd0a7..25f42fc8 100644 --- a/src/ipcpd/eth/eth.c +++ b/src/ipcpd/eth/eth.c @@ -496,7 +496,8 @@ static int eth_ipcp_alloc(const uint8_t * dst_addr, msg->timeout = hton32(qs.timeout); memcpy(msg + 1, hash, ipcp_dir_hash_len()); - memcpy(buf + len + ETH_HEADER_TOT_SIZE, data, dlen); + if (dlen > 0) + memcpy(buf + len + ETH_HEADER_TOT_SIZE, data, dlen); ret = eth_ipcp_send_frame(dst_addr, #if defined(BUILD_ETH_DIX) @@ -542,7 +543,8 @@ static int eth_ipcp_alloc_resp(uint8_t * dst_addr, #endif msg->response = response; - memcpy(msg + 1, data, len); + if (len > 0) + memcpy(msg + 1, data, len); if (eth_ipcp_send_frame(dst_addr, #if defined(BUILD_ETH_DIX) diff --git a/src/ipcpd/udp/main.c b/src/ipcpd/udp/main.c index 3b354ceb..7def856b 100644 --- a/src/ipcpd/udp/main.c +++ b/src/ipcpd/udp/main.c @@ -222,7 +222,8 @@ static int ipcp_udp_port_alloc(const struct sockaddr_in * r_saddr, msg->timeout = hton32(qs.timeout); memcpy(msg + 1, dst, ipcp_dir_hash_len()); - memcpy(buf + len, data, dlen); + if (dlen > 0) + memcpy(buf + len, data, dlen); if (sendto(udp_data.s_fd, msg, len + dlen, SENDTO_FLAGS, @@ -255,7 +256,8 @@ static int ipcp_udp_port_alloc_resp(const struct sockaddr_in * r_saddr, msg->d_eid = hton32(d_eid); msg->response = response; - memcpy(msg + 1, data, len); + if (len > 0) + memcpy(msg + 1, data, len); if (sendto(udp_data.s_fd, msg, sizeof(*msg) + len, SENDTO_FLAGS, diff --git a/src/ipcpd/unicast/fa.c b/src/ipcpd/unicast/fa.c index eb467a90..508f2d73 100644 --- a/src/ipcpd/unicast/fa.c +++ b/src/ipcpd/unicast/fa.c @@ -847,7 +847,8 @@ int fa_alloc(int fd, msg->timeout = hton32(qs.timeout); memcpy(msg + 1, dst, ipcp_dir_hash_len()); - memcpy(shm_du_buff_head(sdb) + len, data, dlen); + if (dlen > 0) + memcpy(shm_du_buff_head(sdb) + len, data, dlen); if (dt_write_packet(addr, qc, fa.eid, sdb)) { ipcp_sdb_release(sdb); @@ -897,7 +898,8 @@ int fa_alloc_resp(int fd, msg->s_eid = hton64(flow->s_eid); msg->response = response; - memcpy(msg + 1, data, len); + if (len > 0) + memcpy(msg + 1, data, len); if (response < 0) { fa_flow_fini(flow); diff --git a/src/irmd/main.c b/src/irmd/main.c index fdbc25a7..fab9497d 100644 --- a/src/irmd/main.c +++ b/src/irmd/main.c @@ -1698,8 +1698,8 @@ static int flow_req_arr(pid_t pid, } f->len = len; - - memcpy(f->data, data, len); + if (len > 0) + memcpy(f->data, data, len); } list_add(&f->next, &irmd.irm_flows); @@ -1764,7 +1764,9 @@ static int flow_alloc_reply(int flow_id, return -1; } - memcpy(f->data, data, len); + if (len > 0) + memcpy(f->data, data, len); + f->len = len; pthread_rwlock_unlock(&irmd.flows_lock); |