[En-Nut-Discussion] FYI: Integer overflow in tcp socket write function fixed

Coleman Brumley cbrumley at polarsoft.biz
Wed Sep 30 15:37:44 CEST 2015 

Ole,

Thank you. I think I'm one of the "one off" Nut/OS users in that I don't
actively pull from the repository, but I still feel it's important to see
the patches in context of the change its addressing. 

Coleman

> -----Original Message-----
> From: en-nut-discussion-bounces at egnite.de [mailto:en-nut-discussion-
> bounces at egnite.de] On Behalf Of Ole Reinhardt
> Sent: Tuesday, September 29, 2015 5:21 PM
> To: en-nut-discussion at egnite.de
> Subject: Re: [En-Nut-Discussion] FYI: Integer overflow in tcp socket write
> function fixed
> 
> Hi Coleman,
> 
> Am 29.09.2015 23:01, schrieb Coleman Brumley:
> > I realize the patch is in SVN, but from a Nut/OS user perspective when
> > browsing this forum for issues it's nice when the patch is also
available.
> > It's nice to see the patch in the context of the problem it solves.
> >
> > So, could you send the patch to the list please?
> 
> Sure. Find it below.
> 
> In the past, we used to not publish patches on the mailing list. I'm even
not
> sure, if attachments are allowed on the list. So I'll past it inline
here...
> 
> best regards,
> 
> Ole
> 
> 
> 
> Index: nut/net/tcpsock.c
> ==========================================================
> =========
> --- nut/net/tcpsock.c	(Revision 6142)
> +++ nut/net/tcpsock.c	(Revision 6143)
> @@ -633,10 +633,10 @@
>          size = sock->so_rx_cnt - sock->so_rd_cnt;
>      if (size) {
>          NETBUF *nb;
> -        uint16_t rd_cnt;         /* Bytes read from NETBUF. */
> -        uint16_t nb_cnt;         /* Bytes left in NETBUF. */
> -        uint16_t ab_cnt;         /* Total bytes in app buffer. */
> -        uint16_t mv_cnt;         /* Bytes to move to app buffer. */
> +        int rd_cnt;         /* Bytes read from NETBUF. */
> +        int nb_cnt;         /* Bytes left in NETBUF. */
> +        int ab_cnt;         /* Total bytes in app buffer. */
> +        int mv_cnt;         /* Bytes to move to app buffer. */
> 
>          rd_cnt = sock->so_rd_cnt;
> 
> @@ -820,7 +820,7 @@
>  int NutTcpDeviceWrite(TCPSOCKET * sock, const void *buf, int size)  {
>      int rc;
> -    uint16_t sz;
> +    int sz;
>      /* hack alert for ICCAVR */
>      uint8_t *buffer = (uint8_t*) buf;
> 
> @@ -854,7 +854,7 @@
>           * send first part of data to NIC and store remaining
>           * bytes in buffer
>           */
> -        if ((uint16_t) size >= sock->so_devobsz) {
> +        if (size >= sock->so_devobsz) {
>              rc = size % sock->so_devobsz;
>              if (SendBuffer(sock, buffer, size - rc) < 0)
>                  return -1;
> 
> 
> 
> --
> kernel concepts GmbH            Tel: +49-271-771091-14
> Sieghuetter Hauptweg 48         Mob: +49-177-7420433
> D-57072 Siegen
> http://www.embedded-it.de
> http://www.kernelconcepts.de
> _______________________________________________
> http://lists.egnite.de/mailman/listinfo/en-nut-discussion

More information about the En-Nut-Discussion mailing list