|
|
fc271e6 |
From 2b46876dcccd95eeb329477ba6f413eb485703a8 Mon Sep 17 00:00:00 2001
|
|
|
fc271e6 |
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
|
|
|
fc271e6 |
Date: Tue, 8 Dec 2020 22:49:11 -0800
|
|
|
fc271e6 |
Subject: [PATCH] clamonacc: Fix stack buffer overflow with old curl
|
|
|
fc271e6 |
|
|
|
fc271e6 |
curl_easy_getinfo expects a long for CURLINFO_ACTIVESOCKET, but
|
|
|
fc271e6 |
curl_socket_t is an int, which was causing a stack buffer overflow
|
|
|
fc271e6 |
and crash.
|
|
|
fc271e6 |
---
|
|
|
fc271e6 |
clamonacc/client/communication.c | 8 ++++++--
|
|
|
fc271e6 |
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
|
fc271e6 |
|
|
|
fc271e6 |
diff --git a/clamonacc/client/communication.c b/clamonacc/client/communication.c
|
|
|
fc271e6 |
index 2af46aa15a..1d2e53c03e 100644
|
|
|
fc271e6 |
--- a/clamonacc/client/communication.c
|
|
|
fc271e6 |
+++ b/clamonacc/client/communication.c
|
|
|
fc271e6 |
@@ -87,7 +87,9 @@ int onas_sendln(CURL *curl, const void *line, size_t len, int64_t timeout)
|
|
|
fc271e6 |
curlcode = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd);
|
|
|
fc271e6 |
#else
|
|
|
fc271e6 |
/* Use deprecated CURLINFO_LASTSOCKET option */
|
|
|
fc271e6 |
- curlcode = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sockfd);
|
|
|
fc271e6 |
+ long long_sockfd;
|
|
|
fc271e6 |
+ curlcode = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &long_sockfd);
|
|
|
fc271e6 |
+ sockfd = (curl_socket_t) long_sockfd;
|
|
|
fc271e6 |
#endif
|
|
|
fc271e6 |
|
|
|
fc271e6 |
if (CURLE_OK != curlcode) {
|
|
|
fc271e6 |
@@ -152,7 +154,9 @@ int onas_recvln(struct onas_rcvln *rcv_data, char **ret_bol, char **ret_eol, int
|
|
|
fc271e6 |
rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_ACTIVESOCKET, &sockfd);
|
|
|
fc271e6 |
#else
|
|
|
fc271e6 |
/* Use deprecated CURLINFO_LASTSOCKET option */
|
|
|
fc271e6 |
- rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_LASTSOCKET, &sockfd);
|
|
|
fc271e6 |
+ long long_sockfd;
|
|
|
fc271e6 |
+ rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_LASTSOCKET, &long_sockfd);
|
|
|
fc271e6 |
+ sockfd = (curl_socket_t) long_sockfd;
|
|
|
fc271e6 |
#endif
|
|
|
fc271e6 |
|
|
|
fc271e6 |
if (CURLE_OK != rcv_data->curlcode) {
|