ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server: Do not accept sizeof(struct WS_sockaddr_in6_old). 

Signed-off-by: Zebediah Figura <zfigura@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Zebediah Figura 2021-07-23 11:39:08 -05:00 committed by Alexandre Julliard
parent c06e5693cb
commit d04c5f4b1b
2 changed files with 19 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
dlls/ws2_32/tests/afd.c
View File

@ -1582,17 +1582,17 @@ static void test_bind(void)
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
params, params6_size - 1, &addr6, sizeof(addr6));
todo_wine ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
params, offsetof(struct afd_bind_params, addr) + sizeof(struct sockaddr_in6_old), &addr6, sizeof(addr6));
todo_wine ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
params, offsetof(struct afd_bind_params, addr.sa_data), &addr6, sizeof(addr6));
todo_wine ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
@ -1604,8 +1604,8 @@ static void test_bind(void)
params, params6_size, &addr6, sizeof(addr6));
todo_wine ok(ret == STATUS_PENDING, "got %#x\n", ret);
ret = WaitForSingleObject(event, 0);
todo_wine ok(!ret, "got %#x\n", ret);
todo_wine ok(io.Status == STATUS_INVALID_ADDRESS_COMPONENT, "got %#x\n", io.Status);
ok(!ret, "got %#x\n", ret);
ok(io.Status == STATUS_INVALID_ADDRESS_COMPONENT, "got %#x\n", io.Status);
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
@ -1615,7 +1615,7 @@ static void test_bind(void)
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
params, params6_size - 1, &addr6, sizeof(addr6) - 1);
todo_wine ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
ok(ret == STATUS_INVALID_ADDRESS, "got %#x\n", ret);
memcpy(&params->addr, &bind_addr6, sizeof(bind_addr6));
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
@ -1629,15 +1629,12 @@ static void test_bind(void)
params, params6_size, &addr6, sizeof(addr6));
todo_wine ok(ret == STATUS_PENDING, "got %#x\n", ret);
ret = WaitForSingleObject(event, 0);
todo_wine
{
ok(!ret, "got %#x\n", ret);
ok(!io.Status, "got %#x\n", io.Status);
ok(io.Information == sizeof(addr6), "got %#Ix\n", io.Information);
ok(addr6.sin6_family == AF_INET6, "got family %u\n", addr6.sin6_family);
ok(!memcmp(&addr6.sin6_addr, &bind_addr6.sin6_addr, sizeof(addr6.sin6_addr)), "address didn't match\n");
ok(!addr6.sin6_flowinfo, "got flow info %#x\n", addr6.sin6_flowinfo);
}
ok(!ret, "got %#x\n", ret);
ok(!io.Status, "got %#x\n", io.Status);
ok(io.Information == sizeof(addr6), "got %#Ix\n", io.Information);
ok(addr6.sin6_family == AF_INET6, "got family %u\n", addr6.sin6_family);
ok(!memcmp(&addr6.sin6_addr, &bind_addr6.sin6_addr, sizeof(addr6.sin6_addr)), "address didn't match\n");
ok(!addr6.sin6_flowinfo, "got flow info %#x\n", addr6.sin6_flowinfo);
ok(addr6.sin6_port, "expected nonzero port\n");
/* getsockname() returns EINVAL here. Possibly the socket name is cached (in shared memory?) */
@ -1645,7 +1642,7 @@ static void test_bind(void)
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io,
IOCTL_AFD_GETSOCKNAME, NULL, 0, &addr6_2, sizeof(addr6_2));
ok(!ret, "got %#x\n", ret);
todo_wine ok(!memcmp(&addr6, &addr6_2, sizeof(addr6)), "addresses didn't match\n");
ok(!memcmp(&addr6, &addr6_2, sizeof(addr6)), "addresses didn't match\n");
ret = NtDeviceIoControlFile((HANDLE)s, event, NULL, NULL, &io, IOCTL_AFD_BIND,
params, params6_size, &addr6, sizeof(addr6));

23
server/sock.c
View File

@ -311,7 +311,7 @@ static int sockaddr_from_unix( const union unix_sockaddr *uaddr, struct WS_socka
{
struct WS_sockaddr_in6 win = {0};
if (wsaddrlen < sizeof(struct WS_sockaddr_in6_old)) return -1;
if (wsaddrlen < sizeof(win)) return -1;
win.sin6_family = WS_AF_INET6;
win.sin6_port = uaddr->in6.sin6_port;
win.sin6_flowinfo = uaddr->in6.sin6_flowinfo;
@ -319,13 +319,8 @@ static int sockaddr_from_unix( const union unix_sockaddr *uaddr, struct WS_socka
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
win.sin6_scope_id = uaddr->in6.sin6_scope_id;
#endif
if (wsaddrlen >= sizeof(struct WS_sockaddr_in6))
{
memcpy( wsaddr, &win, sizeof(struct WS_sockaddr_in6) );
return sizeof(struct WS_sockaddr_in6);
}
memcpy( wsaddr, &win, sizeof(struct WS_sockaddr_in6_old) );
return sizeof(struct WS_sockaddr_in6_old);
memcpy( wsaddr, &win, sizeof(win) );
return sizeof(win);
}
#ifdef HAS_IPX
@ -391,19 +386,14 @@ static socklen_t sockaddr_to_unix( const struct WS_sockaddr *wsaddr, int wsaddrl
{
struct WS_sockaddr_in6 win = {0};
if (wsaddrlen < sizeof(struct WS_sockaddr_in6_old)) return 0;
if (wsaddrlen < sizeof(struct WS_sockaddr_in6))
memcpy( &win, wsaddr, sizeof(struct WS_sockaddr_in6_old) );
else
memcpy( &win, wsaddr, sizeof(struct WS_sockaddr_in6) );
if (wsaddrlen < sizeof(win)) return 0;
memcpy( &win, wsaddr, sizeof(win) );
uaddr->in6.sin6_family = AF_INET6;
uaddr->in6.sin6_port = win.sin6_port;
uaddr->in6.sin6_flowinfo = win.sin6_flowinfo;
memcpy( &uaddr->in6.sin6_addr, &win.sin6_addr, sizeof(win.sin6_addr) );
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
if (wsaddrlen >= sizeof(struct WS_sockaddr_in6))
uaddr->in6.sin6_scope_id = win.sin6_scope_id;
uaddr->in6.sin6_scope_id = win.sin6_scope_id;
#endif
return sizeof(uaddr->in6);
}
@ -462,7 +452,6 @@ static socklen_t sockaddr_to_unix( const struct WS_sockaddr *wsaddr, int wsaddrl
#endif
case sizeof(struct WS_sockaddr_in6):
case sizeof(struct WS_sockaddr_in6_old):
return sizeof(uaddr->in6);
}