[En-Nut-Discussion] FYI: Integer overflow in tcp socket write function fixed
Ole Reinhardt
ole.reinhardt at embedded-it.de
Tue Sep 29 22:29:54 CEST 2015
Hi all,
I fixed another long-hidden bug in the TCP socket code.
There had been two integer overflows in NutTcpDeviceWrite() and
NutTcpReceive().
Both functions suffered from size calculations based on uint16_t
variables, which resulted in integer overflows when calling these
functions with buffer sizes > 64K.
As a result, NutTcpDeviceWrite() sent out the wrong number of bytes, but
always returned that it correctly wrote the whole buffer size.
So when calling write() or fwrite() on a socket with a buffer larger
than 64K, you likely would have lost data on the socket.
The same could perhaps have happened when calling fread() or read() on a
socket with large buffers.
The fix is implemented in trunk rev. r6143.
best regards,
Ole Reinhardt
--
kernel concepts GmbH Tel: +49-271-771091-14
Sieghuetter Hauptweg 48 Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de
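
The failure mode described in the message above, shown as an added example that is not Nut/OS code and not part of the original post: a write loop whose remaining-byte count is a uint16_t, next to a version that keeps the full width and reports short writes. The names `seg_send`, `SEG_MAX`, `write_narrow`, `write_wide` and `run` are hypothetical, and the 70000-byte buffer is constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>

#define SEG_MAX 536u          /* constructed per-segment limit */
static size_t delivered;      /* bytes the stub transport accepted */

/* Hypothetical transport stub: takes one segment, reports bytes accepted. */
static uint16_t seg_send(const uint8_t *p, uint16_t len) {
    (void)p;
    delivered += len;
    return len;
}

/* Flawed: the remaining count is a uint16_t, so size wraps modulo 65536,
 * yet the caller is told the whole buffer was written. */
size_t write_narrow(const uint8_t *buf, size_t size) {
    uint16_t rest = (uint16_t)size;   /* 70000 -> 4464, 65536 -> 0 */
    while (rest > 0) {
        uint16_t n = seg_send(buf, rest > SEG_MAX ? SEG_MAX : rest);
        buf += n;
        rest -= n;
    }
    return size;
}

/* Corrected: the count keeps the argument's width; only the chunk, already
 * bounded by SEG_MAX, is narrowed. Returns what was really sent. */
size_t write_wide(const uint8_t *buf, size_t size) {
    size_t rest = size;
    while (rest > 0) {
        uint16_t n = seg_send(buf, (uint16_t)(rest > SEG_MAX ? SEG_MAX : rest));
        if (n == 0) break;            /* stalled: report a short write */
        buf += n;
        rest -= n;
    }
    return size - rest;
}

/* Runs one writer over n constructed bytes; returns what reached the stub. */
size_t run(size_t (*w)(const uint8_t *, size_t), size_t n) {
    static uint8_t buf[70000];
    delivered = 0;
    (void)w(buf, n);
    return delivered;
}

int main(void) {
    printf("narrow %zu, wide %zu\n", run(write_narrow, 70000), run(write_wide, 70000));
    return 0;
}
```

A caller can only notice the loss if the return value reflects what was actually sent, which is why the corrected version returns `size - rest` instead of echoing `size`.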