From: Andre Noll <maan@systemlinux.org>
Date: Sat, 25 Apr 2009 13:17:58 +0000 (+0200)
Subject: [net]: Fix buffer overflow in send_cred_buffer().
X-Git-Tag: v0.3.4~15
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=1c4fca3000b98973a433bfd80290d159fd6696a7

[net]: Fix buffer overflow in send_cred_buffer().

As pointed out by Johannes Wörner, para_audioc crashes on recent
Ubuntu systems due to stack smashing. This is caused by writing past
the end of the control buffer which stores the message header and
the socket credentials.

This patch fixes the bug by allocating a properly sized buffer.
---

diff --git a/net.c b/net.c
index 88b3e3cc..9579b7df 100644
--- a/net.c
+++ b/net.c
@@ -742,7 +742,7 @@ int recv_cred_buffer(int fd, char *buf, size_t size)
  */
 ssize_t send_cred_buffer(int sock, char *buf)
 {
-	char control[sizeof(struct cmsghdr) + 10];
+	char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
 	struct msghdr msg;
 	struct cmsghdr *cmsg;
 	static struct iovec iov;