[net]: Fix buffer overflow in send_cred_buffer().

As pointed out by Johannes Wörner, para_audioc crashes on recent
Ubuntu systems due to stack smashing. This is caused by writing past
the end of the control buffer which stores the message header and
the socket credentials.

This patch fixes the bug by allocating a properly sized buffer.

diff --git a/net.c b/net.c
index 88b3e3cc8aee0b2fadfd7783c763b062b8ac0d24..9579b7df73f6a2b795cc41de9f647a71ee754ec1 100644 (file)
--- a/net.c
+++ b/net.c
@@ -742,7 +742,7 @@ int recv_cred_buffer(int fd, char *buf, size_t size)
  */
 ssize_t send_cred_buffer(int sock, char *buf)
 {
-       char control[sizeof(struct cmsghdr) + 10];
+       char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
        struct msghdr msg;
        struct cmsghdr *cmsg;
        static struct iovec iov;