PATCH: overflow in ipx socket handling
Marcus Meissner
meissner at suse.de
Thu Apr 28 09:54:46 CDT 2005
Hi,
addr is a WS_sockaddr_ipx, which is smaller than WS_sockaddr.
Not sure if the fix is right, but it will avoid the stack corruption.
Ciao, Marcus
Changelog:
Fixed stack overwrite by using sizeof(WS_sockaddr_ipx)
Index: dlls/winsock//socket.c
===================================================================
RCS file: /home/wine/wine/dlls/winsock/socket.c,v
retrieving revision 1.176
diff -u -r1.176 socket.c
--- dlls/winsock//socket.c 28 Mar 2005 14:17:51 -0000 1.176
+++ dlls/winsock//socket.c 28 Apr 2005 12:49:22 -0000
@@ -1704,8 +1704,8 @@
* only "one" device active and further it is not possible to query things like the linkspeed.
*/
FIXME("IPX_ADDRESS\n");
- namelen = sizeof(struct WS_sockaddr);
- memset(&addr, 0, sizeof(struct WS_sockaddr));
+ namelen = sizeof(struct WS_sockaddr_ipx);
+ memset(&addr, 0, sizeof(struct WS_sockaddr_ipx));
WS_getsockname(s, (struct WS_sockaddr*)&addr, &namelen);
data = (IPX_ADDRESS_DATA*)optval;
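Review bot: The two added lines repeat the type name instead of sizing from the object, so namelen and the memset length only match the buffer as long as the declaration of addr, which is outside this hunk, stays a WS_sockaddr_ipx. Writing them as `namelen = sizeof(addr);` and `memset(&addr, 0, sizeof(addr));` ties both to the actual variable, and the same mismatch cannot return if the declaration changes. Separately, the unchanged `WS_getsockname(s, (struct WS_sockaddr*)&addr, &namelen);` call discards its return value, so on failure the code carries on with the zeroed addr when filling data from optval; checking the result and returning an error before touching optval would be safer. The commit message itself says the fix may not be right, so it is worth confirming against the declaration of addr that no other use in this branch still assumes the larger WS_sockaddr size.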