[quagga-dev 10638] Re: [PATCH 1/2] lib: fix possible off-by-one in stream_put_prefix()

Jorge Boncompte [DTI2] jorge at dti2.net
Wed Jul 31 18:35:34 BST 2013 

El 31/07/2013 19:28, David Lamparter escribió:
> On Wed, Jul 31, 2013 at 07:16:05PM +0200, Jorge Boncompte [DTI2] wrote:
>> From: "Jorge Boncompte [DTI2]" <jorge at dti2.net>
>>
>> The STREAM_WRITEABLE() call only checks if there is space for the
>> prefix in the stream but does not account for the prefixlen. The
>> stream_putc() call reduces available space by 1 and we can end
>> copying one byte too much and with "endp" off by one if we are
>> near the buffer end.
>>
>> Instead of moving the stream_putc() call before STREAM_WRITEABLE(),
>> we check before hand for the required space, and open-code it. This
>> avoids a function call and verifying again the stream buffer.
>>
>> Signed-off-by: Jorge Boncompte [DTI2] <jorge at dti2.net>
>> ---
>>  lib/stream.c |    4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/lib/stream.c b/lib/stream.c
>> index ee2920e..ccd4623 100644
>> --- a/lib/stream.c
>> +++ b/lib/stream.c
>> @@ -700,13 +700,13 @@ stream_put_prefix (struct stream *s, struct prefix *p)
>>    
>>    psize = PSIZE (p->prefixlen);
>>    
>> -  if (STREAM_WRITEABLE (s) < psize)
>> +  if (STREAM_WRITEABLE (s) < (psize + sizeof (u_char)))
>>      {
>>        STREAM_BOUND_WARN (s, "put");
> 
> you lost the change to "put prefix" here :)
> (no need to re-send the patch, I can fix that on merging)
> 

	I did on purpose to send another patch that changes the other functions. :)
I'll do on top of what you commit.

-- 
==============================================================
Jorge Boncompte - Ingenieria y Gestion de RED
DTI2 - Desarrollo de la Tecnologia de las Comunicaciones
--------------------------------------------------------------
C/ Abogado Enriquez Barrios, 5   14004 CORDOBA (SPAIN)
Tlf: +34 957 761395 / FAX: +34 957 450380
==============================================================
- There is only so much duct tape you can put on something
  before it just becomes a giant ball of duct tape.
==============================================================

More information about the Quagga-dev mailing list