diff options
author | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-20 07:38:11 +0000 |
---|---|---|
committer | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-20 07:38:11 +0000 |
commit | 1a872dff28bdbf21b4ba2f658777af6b218cbf83 (patch) | |
tree | c7075150ddc6e50f651e872a77a3ac83ed850fba | |
parent | fca27b0b733ad7acef36d402180afe827f613097 (diff) | |
download | chromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.zip chromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.tar.gz chromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.tar.bz2 |
Check the size of supplied sockaddr structures in FromSockAddr.
BUG=
TEST=Green, green, green, lots of green, on the various bots.
Review URL: http://codereview.chromium.org/7659003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97574 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/base/ip_endpoint.cc | 4 | ||||
-rw-r--r-- | net/base/ip_endpoint_unittest.cc | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/net/base/ip_endpoint.cc b/net/base/ip_endpoint.cc index 55ea4465..2578ded 100644 --- a/net/base/ip_endpoint.cc +++ b/net/base/ip_endpoint.cc @@ -83,6 +83,8 @@ bool IPEndPoint::FromSockAddr(const struct sockaddr* address, DCHECK(address); switch (address->sa_family) { case AF_INET: { + if (address_length < sizeof(struct sockaddr_in)) + return false; const struct sockaddr_in* addr = reinterpret_cast<const struct sockaddr_in*>(address); port_ = ntohs(addr->sin_port); @@ -91,6 +93,8 @@ bool IPEndPoint::FromSockAddr(const struct sockaddr* address, break; } case AF_INET6: { + if (address_length < sizeof(struct sockaddr_in6)) + return false; const struct sockaddr_in6* addr = reinterpret_cast<const struct sockaddr_in6*>(address); port_ = ntohs(addr->sin6_port); diff --git a/net/base/ip_endpoint_unittest.cc b/net/base/ip_endpoint_unittest.cc index 3808b707..b551bb4 100644 --- a/net/base/ip_endpoint_unittest.cc +++ b/net/base/ip_endpoint_unittest.cc @@ -108,6 +108,15 @@ TEST_F(IPEndPointTest, ToSockAddrBufTooSmall) { } } +TEST_F(IPEndPointTest, FromSockAddrBufTooSmall) { + struct sockaddr_in addr; + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + IPEndPoint ip_endpoint; + struct sockaddr* sockaddr = reinterpret_cast<struct sockaddr*>(&addr); + EXPECT_FALSE(ip_endpoint.FromSockAddr(sockaddr, sizeof(addr) - 1)); +} + TEST_F(IPEndPointTest, Equality) { for (int index = 0; index < test_count; ++index) { IPEndPoint src(tests[index].ip_address, index); |