Potential buffer overflow in getsockopt

Status: Open
Participant: Mike Gran
Owner: unassigned
Submitted by: Mike Gran
Severity: normal


Mike Gran wrote 7 days ago
(address . bug-guile@gnu.org)
87tt81ityj.fsf@yahoo.com
struct timeval is a potential return value of struct getsockopt, but,
when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result may
be too small to hold a struct timeval.

To fix this, struct timeval can be added to the scm_t_getsockopt_result
union.

Regards,
Mike Gran
From 0ebd33ee05ad02aa9b96d9910c5facb087278d00 Mon Sep 17 00:00:00 2001
From: Michael Gran <spk121@yahoo.com>
Date: Sat, 8 Mar 2025 18:42:35 -0800
Subject: [PATCH] Fixes potential buffer overflow in getsockopt

struct timeval is a possible return value of getsockopt, but,
when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result
may be too small to hold a struct timeval.
* libguile/socket.c: add struct timeval to scm_t_getsockopt union
---
libguile/socket.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libguile/socket.c b/libguile/socket.c
index 101afd80d..aa012c919 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1,4 +1,4 @@
-/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022
+/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022,2025
Free Software Foundation, Inc.
This file is part of Guile.
@@ -454,6 +454,7 @@ typedef union
#endif
size_t size;
int integer;
+ struct timeval timeval;
} scm_t_getsockopt_result;
SCM_DEFINE (scm_getsockopt, "getsockopt", 3, 0, 0,
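Review bot: the new `struct timeval timeval;` member sits after the `#endif` visible at the top of this hunk, so it is compiled unconditionally, and the hunk adds no include. Please confirm that socket.c already gets the declaration of struct timeval (normally from <sys/time.h>) on every configuration it builds for. The log entry also names the type `scm_t_getsockopt`, while the typedef closed in this hunk is `scm_t_getsockopt_result`; the entry would read better as `* libguile/socket.c (scm_t_getsockopt_result): Add struct timeval member.`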
--
2.48.1
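
The size mismatch described in this report, as an added example that is not part of the patch or of Guile's source. The two unions are constructed stand-ins for the result type without the struct linger member, and the names `result_before`, `result_after`, `holds_timeval` and `rcvtimeo_roundtrip` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Constructed stand-ins (hypothetical names), not Guile's definitions:
   the union as it looks when HAVE_STRUCT_LINGER is undefined, before
   and after the struct timeval member is added.  */
typedef union { size_t size; int integer; } result_before;
typedef union { size_t size; int integer; struct timeval timeval; } result_after;

/* Compile-time guard: fail the build if the buffer cannot hold the
   largest value getsockopt is expected to store in it.  */
_Static_assert (sizeof (result_after) >= sizeof (struct timeval),
                "getsockopt result buffer smaller than struct timeval");

/* Non-zero when a buffer of CAP bytes can hold a whole struct timeval.  */
int holds_timeval (size_t cap) { return cap >= sizeof (struct timeval); }

/* Set SO_RCVTIMEO to SECS seconds on a local socket pair, read it back
   through the enlarged union, and return the seconds read (-1 on error).  */
long rcvtimeo_roundtrip (long secs)
{
  int sv[2];
  long got = -1;
  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return -1;
  struct timeval want = { .tv_sec = secs, .tv_usec = 0 };
  result_after opt;
  socklen_t len = sizeof opt;   /* tell the kernel the real capacity */
  if (setsockopt (sv[0], SOL_SOCKET, SO_RCVTIMEO, &want, sizeof want) == 0
      && getsockopt (sv[0], SOL_SOCKET, SO_RCVTIMEO, &opt, &len) == 0
      && len == sizeof (struct timeval))
    got = (long) opt.timeval.tv_sec;
  close (sv[0]);
  close (sv[1]);
  return got;
}

int main (void)
{
  printf ("before: %zu bytes, after: %zu bytes, struct timeval: %zu bytes\n",
          sizeof (result_before), sizeof (result_after),
          sizeof (struct timeval));
  printf ("round trip: %ld s\n", rcvtimeo_roundtrip (3));
  return 0;
}
```
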
Mike Gran wrote 6 days ago
(address . bug-guile@gnu.org)
87jz8weskd.fsf@yahoo.com
Mike Gran <spk121@yahoo.com> writes:

> struct timeval is a potential return value of struct getsockopt, but,
> when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result may
> be too small to hold a struct timeval.
>
> To fix this, struct timeval can be added to the scm_t_getsockopt_result
> union.

Also, this should partially fix the guile-without-threads in Guix's
CI.


Regards,
Mike Gran
To comment on this conversation send an email to 76907@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 76907
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help