Skip to content

Commit

Permalink
prov/sockets: fix possible buffer overrun when copying src addr
Browse files Browse the repository at this point in the history 
ofi_sizeofip returns sizeof(struct in_addr) which can be 4 and
ofi_sizeofaddr returns sizeof(struct ofi_sockaddr_in) which can be larger
Use sizeofaddr instead of sizeofip to ensure we have enough space

Signed-off-by: Alexia Ingerson <[email protected]>
  • Loading branch information
@aingerson @j-xiong
aingerson authored and j-xiong committed Nov 9, 2023
1 parent efa0755 commit 9a89bf1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions prov/sockets/src/sock_ep.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1511,7 +1511,7 @@ struct fi_info *sock_fi_info(uint32_t version, enum fi_ep_type ep_type,
info->src_addrlen = 0;
info->dest_addrlen = 0;

info->src_addr = calloc(1, ofi_sizeofip(src_addr));
info->src_addr = calloc(1, ofi_sizeofaddr(src_addr));
if (!info->src_addr)
goto err;

Expand All @@ -1532,7 +1532,7 @@ struct fi_info *sock_fi_info(uint32_t version, enum fi_ep_type ep_type,
info->addr_format = FI_SOCKADDR_IN;

if (dest_addr) {
info->dest_addr = calloc(1, ofi_sizeofip(dest_addr));
info->dest_addr = calloc(1, ofi_sizeofaddr(dest_addr));
if (!info->dest_addr)
goto err;
info->dest_addrlen = ofi_sizeofaddr(dest_addr);
Expand Down

0 comments on commit 9a89bf1

Please sign in to comment.