Commit b382ad9bcaf0aea596387dfe49b4f7df173b30e3

Tim Bateman 2013-12-03T10:46:32

Fixed one byte stack overflow in mcast recvfrom. The actual overflow happens when enforcing the NULL termination shortly after the recvfrom.

1
2
3
4
5
6
7
8
9
10
11
12
13
diff --git a/api.c b/api.c
index c82b0d2..108bda1 100644
--- a/api.c
+++ b/api.c
@@ -4278,7 +4278,7 @@ static void mcast()
 
 		count++;
 		came_from_siz = sizeof(came_from);
-		if (SOCKETFAIL(rep = recvfrom(mcast_sock, buf, sizeof(buf),
+		if (SOCKETFAIL(rep = recvfrom(mcast_sock, buf, sizeof(buf) - 1,
 						0, (struct sockaddr *)(&came_from), &came_from_siz))) {
 			applog(LOG_DEBUG, "API mcast failed count=%d (%s) (%d)",
 					count, SOCKERRMSG, (int)mcast_sock);