Changeset 32
- Timestamp:
- 05/29/08 20:42:07
(6 months ago)
- Author:
- jtang
- Message:
Fixed potential buffer overflow where the size of the reading buffer is incorrectly calculated.
-
Files:
-
| r30 |
r32 |
|
| 2 | 2 | * |
|---|
| 3 | 3 | * Copyright (C) 2006, 2007 Tresys Technology, LLC |
|---|
| 4 | | * Developed Under US JFCOM Sponsorship |
|---|
| | 4 | * Developed Under US JFCOM Sponsorship |
|---|
| 5 | 5 | * |
|---|
| 6 | 6 | * This library is free software; you can redistribute it and/or |
|---|
| … | … | |
| 34 | 34 | #define MQ_PERMS 0666 |
|---|
| 35 | 35 | |
|---|
| 36 | | /* Create a message queue having the specified key. |
|---|
| | 36 | /* Create a message queue having the specified key. |
|---|
| 37 | 37 | * This function should only be called by a helper application |
|---|
| 38 | 38 | * and not by the sender or reciever. */ |
|---|
| … | … | |
| 40 | 40 | { |
|---|
| 41 | 41 | int msqid; |
|---|
| 42 | | |
|---|
| | 42 | |
|---|
| 43 | 43 | msqid = msgget(key, MQ_PERMS|IPC_CREAT|IPC_EXCL); |
|---|
| 44 | 44 | if (msqid < 0) |
|---|
| 45 | | fprintf(stderr, "msgget: %s\n", strerror(errno)); |
|---|
| | 45 | fprintf(stderr, "msgget: %s\n", strerror(errno)); |
|---|
| 46 | 46 | |
|---|
| 47 | 47 | return msqid; |
|---|
| … | … | |
| 60 | 60 | return; |
|---|
| 61 | 61 | } |
|---|
| 62 | | |
|---|
| 63 | | if (msgctl(msqid, IPC_RMID, NULL) < 0) |
|---|
| 64 | | fprintf(stderr, "msgctl: %s\n", strerror(errno)); |
|---|
| | 62 | |
|---|
| | 63 | if (msgctl(msqid, IPC_RMID, NULL) < 0) |
|---|
| | 64 | fprintf(stderr, "msgctl: %s\n", strerror(errno)); |
|---|
| 65 | 65 | } |
|---|
| 66 | 66 | |
|---|
| … | … | |
| 79 | 79 | return -1; |
|---|
| 80 | 80 | } |
|---|
| 81 | | |
|---|
| | 81 | |
|---|
| 82 | 82 | msqid = msgget(key, flags); |
|---|
| 83 | 83 | if (msqid < 0) { |
|---|
| … | … | |
| 85 | 85 | return -1; |
|---|
| 86 | 86 | } |
|---|
| 87 | | |
|---|
| 88 | | return msqid; |
|---|
| | 87 | |
|---|
| | 88 | return msqid; |
|---|
| 89 | 89 | } |
|---|
| 90 | 90 | |
|---|
| … | … | |
| 101 | 101 | struct msqid_ds mqbuf; |
|---|
| 102 | 102 | |
|---|
| 103 | | if (msgctl(msqid, IPC_STAT, &mqbuf) < 0) |
|---|
| | 103 | if (msgctl(msqid, IPC_STAT, &mqbuf) < 0) |
|---|
| 104 | 104 | return -1; |
|---|
| 105 | | |
|---|
| | 105 | |
|---|
| 106 | 106 | /* Change the capacity of the queue */ |
|---|
| 107 | 107 | mqbuf.msg_qbytes = mqbytes; |
|---|
| 108 | | if (msgctl(msqid, IPC_SET, &mqbuf) < 0) |
|---|
| | 108 | if (msgctl(msqid, IPC_SET, &mqbuf) < 0) |
|---|
| 109 | 109 | return -1; |
|---|
| 110 | 110 | |
|---|
| … | … | |
| 120 | 120 | int flags = block ? 0 : IPC_NOWAIT; |
|---|
| 121 | 121 | |
|---|
| 122 | | if (msgrcv(msqid, &mbuf, sizeof(mbuf), type, flags) < 0) { |
|---|
| | 122 | if (msgrcv(msqid, &mbuf, sizeof(mbuf.mtext), type, flags) < 0) { |
|---|
| 123 | 123 | if (errno == ENOMSG) |
|---|
| 124 | 124 | return 0; |
|---|
| 125 | | } |
|---|
| 126 | | |
|---|
| | 125 | } |
|---|
| | 126 | |
|---|
| 127 | 127 | return mbuf.mtype; |
|---|
| 128 | 128 | } |
|---|
| … | … | |
| 137 | 137 | |
|---|
| 138 | 138 | mbuf.mtype = type; |
|---|
| 139 | | bzero(mbuf.mtext, 1); |
|---|
| 140 | | if (msgsnd(msqid, &mbuf, sizeof(mbuf), flags) < 0) |
|---|
| | 139 | memset(mbuf.mtext, 1, sizeof(mbuf.mtext)); |
|---|
| | 140 | if (msgsnd(msqid, &mbuf, sizeof(mbuf.mtext), flags) < 0) |
|---|
| 141 | 141 | return -1; |
|---|
| 142 | 142 | |
|---|
| 143 | 143 | return 0; |
|---|
| 144 | 144 | } |
|---|
| 145 | | |
|---|
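Review bot: In the receive hunk (new lines 122–127), a msgrcv() failure other than ENOMSG still falls through to `return mbuf.mtype;`, so the caller is handed whatever is in mbuf as if it were a received message type. This matters more after this change: with the size now limited to `sizeof(mbuf.mtext)` and no MSG_NOERROR in `flags`, an oversized message is rejected with E2BIG and lands on exactly that path. Assuming the function follows the -1 error convention used by the other functions on this page, add `return -1;` after the ENOMSG check inside the `if` block; the function starts outside the hunk, so confirm how mbuf is declared and what callers expect. Separately, in the send hunk `memset(mbuf.mtext, 1, sizeof(mbuf.mtext));` fills the payload with the byte value 1 where the old `bzero` call zeroed it; if zeroing was intended, it should read `memset(mbuf.mtext, 0, sizeof(mbuf.mtext));`.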