You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by ag...@apache.org on 2020/07/12 13:11:59 UTC
[incubator-nuttx-apps] branch master updated: telnetd: Fix the
buffer overflow
This is an automated email from the ASF dual-hosted git repository.
aguettouche pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx-apps.git
The following commit(s) were added to refs/heads/master by this push:
new 317f015 telnetd: Fix the buffer overflow
317f015 is described below
commit 317f0159a49cc47900449acacfa197cfed839030
Author: Xiang Xiao <xi...@xiaomi.com>
AuthorDate: Sun Jul 12 01:23:09 2020 +0800
telnetd: Fix the buffer overflow
Should only memset ipv6 part of socket address(exclude famliy and port field)
Signed-off-by: Xiang Xiao <xi...@xiaomi.com>
---
netutils/telnetd/telnetd_daemon.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/netutils/telnetd/telnetd_daemon.c b/netutils/telnetd/telnetd_daemon.c
index caff6ef..1960bfa 100644
--- a/netutils/telnetd/telnetd_daemon.c
+++ b/netutils/telnetd/telnetd_daemon.c
@@ -114,6 +114,7 @@ static int telnetd_daemon(int argc, FAR char *argv[])
struct sockaddr_in6 ipv6;
#endif
} addr;
+
struct telnet_session_s session;
#ifdef CONFIG_NET_SOLINGER
struct linger ling;
@@ -209,7 +210,8 @@ static int telnetd_daemon(int argc, FAR char *argv[])
addr.ipv6.sin6_port = daemon->port;
addrlen = sizeof(struct sockaddr_in6);
- memset(addr.ipv6.sin6_addr.s6_addr, 0, addrlen);
+ memset(addr.ipv6.sin6_addr.s6_addr, 0,
+ sizeof(addr.ipv6.sin6_addr.s6_addr));
}
else
#endif
@@ -266,11 +268,14 @@ static int telnetd_daemon(int argc, FAR char *argv[])
}
#ifdef CONFIG_NET_SOLINGER
- /* Configure to "linger" until all data is sent when the socket is closed */
+ /* Configure to "linger" until all data is sent when the socket is
+ * closed
+ */
ling.l_onoff = 1;
ling.l_linger = 30; /* timeout is seconds */
- if (setsockopt(acceptsd, SOL_SOCKET, SO_LINGER, &ling, sizeof(struct linger)) < 0)
+ if (setsockopt(acceptsd, SOL_SOCKET, SO_LINGER,
+ &ling, sizeof(struct linger)) < 0)
{
nerr("ERROR: setsockopt failed: %d\n", errno);
goto errout_with_acceptsd;
@@ -330,8 +335,8 @@ static int telnetd_daemon(int argc, FAR char *argv[])
*/
ninfo("Starting the telnet session\n");
- pid = task_create("Telnet session", daemon->priority, daemon->stacksize,
- daemon->entry, NULL);
+ pid = task_create("Telnet session", daemon->priority,
+ daemon->stacksize, daemon->entry, NULL);
if (pid < 0)
{
nerr("ERROR: Failed start the telnet session: %d\n", errno);