[En-Nut-Discussion] FYI: Integer overflow in tcp socket write function fixed
Ole Reinhardt
ole.reinhardt at embedded-it.de
Tue Sep 29 23:21:18 CEST 2015
Hi Coleman,
Am 29.09.2015 23:01, schrieb Coleman Brumley:
> I realize the patch is in SVN, but from a Nut/OS user perspective when
> browsing this forum for issues it's nice when the patch is also available.
> It's nice to see the patch in the context of the problem it solves.
>
> So, could you send the patch to the list please?
Sure. Find it below.
In the past, we used to not publish patches on the mailing list. I'm
even not sure, if attachments are allowed on the list. So I'll past it
inline here...
best regards,
Ole
Index: nut/net/tcpsock.c
===================================================================
--- nut/net/tcpsock.c (Revision 6142)
+++ nut/net/tcpsock.c (Revision 6143)
@@ -633,10 +633,10 @@
size = sock->so_rx_cnt - sock->so_rd_cnt;
if (size) {
NETBUF *nb;
- uint16_t rd_cnt; /* Bytes read from NETBUF. */
- uint16_t nb_cnt; /* Bytes left in NETBUF. */
- uint16_t ab_cnt; /* Total bytes in app buffer. */
- uint16_t mv_cnt; /* Bytes to move to app buffer. */
+ int rd_cnt; /* Bytes read from NETBUF. */
+ int nb_cnt; /* Bytes left in NETBUF. */
+ int ab_cnt; /* Total bytes in app buffer. */
+ int mv_cnt; /* Bytes to move to app buffer. */
rd_cnt = sock->so_rd_cnt;
@@ -820,7 +820,7 @@
int NutTcpDeviceWrite(TCPSOCKET * sock, const void *buf, int size)
{
int rc;
- uint16_t sz;
+ int sz;
/* hack alert for ICCAVR */
uint8_t *buffer = (uint8_t*) buf;
@@ -854,7 +854,7 @@
* send first part of data to NIC and store remaining
* bytes in buffer
*/
- if ((uint16_t) size >= sock->so_devobsz) {
+ if (size >= sock->so_devobsz) {
rc = size % sock->so_devobsz;
if (SendBuffer(sock, buffer, size - rc) < 0)
return -1;
--
kernel concepts GmbH Tel: +49-271-771091-14
Sieghuetter Hauptweg 48 Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de
More information about the En-Nut-Discussion
mailing list