From 1c4fca3000b98973a433bfd80290d159fd6696a7 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Sat, 25 Apr 2009 15:17:58 +0200 Subject: [PATCH] [net]: Fix buffer overflow in send_cred_buffer(). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit As pointed out by Johannes Wörner, para_audioc crashes on recent Ubuntu systems due to stack smashing. This is caused by writing past the end of the control buffer which stores the message header and the socket credentials. This patch fixes the bug by allocating a properly sized buffer. --- net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net.c b/net.c index 88b3e3cc..9579b7df 100644 --- a/net.c +++ b/net.c @@ -742,7 +742,7 @@ int recv_cred_buffer(int fd, char *buf, size_t size) */ ssize_t send_cred_buffer(int sock, char *buf) { - char control[sizeof(struct cmsghdr) + 10]; + char control[sizeof(struct cmsghdr) + sizeof(struct ucred)]; struct msghdr msg; struct cmsghdr *cmsg; static struct iovec iov; -- 2.39.2