summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-20 07:38:11 +0000
committerwez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-20 07:38:11 +0000
commit1a872dff28bdbf21b4ba2f658777af6b218cbf83 (patch)
treec7075150ddc6e50f651e872a77a3ac83ed850fba
parentfca27b0b733ad7acef36d402180afe827f613097 (diff)
downloadchromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.zip
chromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.tar.gz
chromium_src-1a872dff28bdbf21b4ba2f658777af6b218cbf83.tar.bz2
Check the size of supplied sockaddr structures in FromSockAddr.
BUG= TEST=Green, green, green, lots of green, on the various bots. Review URL: http://codereview.chromium.org/7659003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97574 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/base/ip_endpoint.cc4
-rw-r--r--net/base/ip_endpoint_unittest.cc9
2 files changed, 13 insertions, 0 deletions
diff --git a/net/base/ip_endpoint.cc b/net/base/ip_endpoint.cc
index 55ea4465..2578ded 100644
--- a/net/base/ip_endpoint.cc
+++ b/net/base/ip_endpoint.cc
@@ -83,6 +83,8 @@ bool IPEndPoint::FromSockAddr(const struct sockaddr* address,
DCHECK(address);
switch (address->sa_family) {
case AF_INET: {
+ if (address_length < sizeof(struct sockaddr_in))
+ return false;
const struct sockaddr_in* addr =
reinterpret_cast<const struct sockaddr_in*>(address);
port_ = ntohs(addr->sin_port);
@@ -91,6 +93,8 @@ bool IPEndPoint::FromSockAddr(const struct sockaddr* address,
break;
}
case AF_INET6: {
+ if (address_length < sizeof(struct sockaddr_in6))
+ return false;
const struct sockaddr_in6* addr =
reinterpret_cast<const struct sockaddr_in6*>(address);
port_ = ntohs(addr->sin6_port);
diff --git a/net/base/ip_endpoint_unittest.cc b/net/base/ip_endpoint_unittest.cc
index 3808b707..b551bb4 100644
--- a/net/base/ip_endpoint_unittest.cc
+++ b/net/base/ip_endpoint_unittest.cc
@@ -108,6 +108,15 @@ TEST_F(IPEndPointTest, ToSockAddrBufTooSmall) {
}
}
+TEST_F(IPEndPointTest, FromSockAddrBufTooSmall) {
+ struct sockaddr_in addr;
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+ IPEndPoint ip_endpoint;
+ struct sockaddr* sockaddr = reinterpret_cast<struct sockaddr*>(&addr);
+ EXPECT_FALSE(ip_endpoint.FromSockAddr(sockaddr, sizeof(addr) - 1));
+}
+
TEST_F(IPEndPointTest, Equality) {
for (int index = 0; index < test_count; ++index) {
IPEndPoint src(tests[index].ip_address, index);