[quagga-dev 10637] Re: [PATCH 1/2] lib: fix possible off-by-one in stream_put_prefix()

David Lamparter equinox at opensourcerouting.org
Wed Jul 31 18:28:34 BST 2013


On Wed, Jul 31, 2013 at 07:16:05PM +0200, Jorge Boncompte [DTI2] wrote:
> From: "Jorge Boncompte [DTI2]" <jorge at dti2.net>
> 
> The STREAM_WRITEABLE() call only checks if there is space for the
> prefix in the stream but does not account for the prefixlen. The
> stream_putc() call reduces available space by 1, and we can end up
> copying one byte too many, with "endp" off by one, if we are
> near the buffer end.
> 
> Instead of moving the stream_putc() call before STREAM_WRITEABLE(),
> we check beforehand for the required space, and open-code it. This
> avoids a function call and verifying the stream buffer again.
> 
> Signed-off-by: Jorge Boncompte [DTI2] <jorge at dti2.net>
> ---
>  lib/stream.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/stream.c b/lib/stream.c
> index ee2920e..ccd4623 100644
> --- a/lib/stream.c
> +++ b/lib/stream.c
> @@ -700,13 +700,13 @@ stream_put_prefix (struct stream *s, struct prefix *p)
>    
>    psize = PSIZE (p->prefixlen);
>    
> -  if (STREAM_WRITEABLE (s) < psize)
> +  if (STREAM_WRITEABLE (s) < (psize + sizeof (u_char)))
>      {
>        STREAM_BOUND_WARN (s, "put");
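Review bot: the `(psize + sizeof (u_char))` in the new condition spells the extra byte as `sizeof (u_char)`, which is 1 by definition and does not say what the byte is for; `psize + 1` with a short comment that the prefixlen octet is written ahead of the prefix body (the stream_putc() the commit message refers to) would make the check self-explanatory. The `STREAM_BOUND_WARN (s, "put")` text on the following line is also the generic one, so a bound failure in this function logs the same as stream_putc(); naming the caller ("put prefix") would make the warning useful. The hunk is cut off after the warn line, so the open-coded write that the commit message describes cannot be checked against the new bound here.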

you lost the change to "put prefix" here :)
(no need to re-send the patch, I can fix that on merging)


-David
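The off-by-one the patch describes, reduced to a runnable C model: an added example, not code from the original post or from Quagga's lib/stream.c. The `struct stream`, `struct prefix`, `PSIZE` and `STREAM_WRITEABLE` definitions are assumptions reconstructed from the commit message (a buffer of `size` bytes with a write cursor `endp`), and the two put_prefix variants mirror only the checks quoted above. A guard byte placed just past the stream buffer shows that the pre-patch check lets the memcpy run one byte over when exactly `psize` bytes are free, while the patched check refuses that case and still accepts a stream with `psize + 1` bytes free.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed minimal model of a Quagga-style output stream: a buffer of
 * `size` bytes and a write cursor `endp`. Not the real lib/stream.c. */
struct stream {
    size_t size;
    size_t endp;
    uint8_t *data;
};

/* Assumed prefix type: length in bits plus enough address bytes for IPv6. */
struct prefix {
    uint8_t prefixlen;
    uint8_t addr[16];
};

#define PSIZE(bits) (((bits) + 7) / 8)              /* bytes needed for a prefix body */
#define STREAM_WRITEABLE(s) ((s)->size - (s)->endp)  /* bytes still free */

static int stream_putc(struct stream *s, uint8_t c)
{
    if (STREAM_WRITEABLE(s) < 1)
        return 0;
    s->data[s->endp++] = c;
    return 1;
}

/* Pre-patch shape: the bound check covers psize only, but the prefixlen
 * octet is written first, so the memcpy can run one byte past data[size-1]. */
static size_t put_prefix_buggy(struct stream *s, const struct prefix *p)
{
    size_t psize = PSIZE(p->prefixlen);
    if (STREAM_WRITEABLE(s) < psize)
        return 0;
    stream_putc(s, p->prefixlen);
    memcpy(s->data + s->endp, p->addr, psize);
    s->endp += psize;
    return psize;
}

/* Patched shape: require room for the prefixlen octet and the body up front. */
static size_t put_prefix_fixed(struct stream *s, const struct prefix *p)
{
    size_t psize = PSIZE(p->prefixlen);
    if (STREAM_WRITEABLE(s) < psize + 1)
        return 0;
    s->data[s->endp++] = p->prefixlen;
    memcpy(s->data + s->endp, p->addr, psize);
    s->endp += psize;
    return psize;
}

#define GUARD 0xAA

/* Constructed case: write a /24 (psize 3) into a stream with `room` bytes
 * free, with one guard byte placed immediately after the stream buffer. */
static struct stream run_case(int use_fixed, size_t room, uint8_t *buf, size_t buflen)
{
    struct prefix p = { 24, { 10, 1, 2, 0 } };
    struct stream s = { room, 0, buf };
    memset(buf, 0, buflen);
    buf[room] = GUARD;
    if (use_fixed)
        put_prefix_fixed(&s, &p);
    else
        put_prefix_buggy(&s, &p);
    return s;
}

/* Bytes that endp advanced past the end of the stream when exactly psize bytes are free. */
size_t overrun_bytes(int use_fixed)
{
    uint8_t buf[8];
    struct stream s = run_case(use_fixed, PSIZE(24), buf, sizeof buf);
    return s.endp > s.size ? s.endp - s.size : 0;
}

/* 1 if the guard byte after the buffer was overwritten, else 0. */
int guard_clobbered(int use_fixed)
{
    uint8_t buf[8];
    run_case(use_fixed, PSIZE(24), buf, sizeof buf);
    return buf[PSIZE(24)] != GUARD;
}

/* endp after the fixed path when psize + 1 bytes are free: the new check is exact. */
size_t fixed_endp_with_room(void)
{
    uint8_t buf[8];
    struct stream s = run_case(1, PSIZE(24) + 1, buf, sizeof buf);
    return s.endp;
}

int main(void)
{
    printf("buggy: endp past end by %zu, guard clobbered %d\n", overrun_bytes(0), guard_clobbered(0));
    printf("fixed: endp past end by %zu, guard clobbered %d\n", overrun_bytes(1), guard_clobbered(1));
    printf("fixed with psize+1 free: endp %zu\n", fixed_endp_with_room());
    return 0;
}
```

The guard byte lives inside the local array, so the model stays within defined behaviour while still showing the one-byte overwrite; in the real stream the same byte would be whatever follows the stream's data allocation.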



