libcapulet: fix a stack overflow

7e05b526 · Titouan Soulard · cc4f56ed · 7e05b526
Commit 7e05b526 authored Oct 30, 2023 by Titouan Soulard
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 13 deletions

libcapulet/net_udp.c libcapulet/net_udp.c +19 -13

No files found.
--- a/libcapulet/net_udp.c
+++ b/libcapulet/net_udp.c
@@ -4,9 +4,9 @@ struct CapuletNetUdpContext *capulet_net_udp_initialize() {
 	struct CapuletNetUdpContext *ctx;
 	void *raw_ptr;

-	size_t packet_size = sizeof(struct CapuletNetUdpPacket);
-	size_t ctx_size = sizeof(struct CapuletNetUdpContext);
-	size_t total_size = 2 * packet_size + ctx_size;
+	const size_t packet_size = sizeof(struct CapuletNetUdpPacket);
+	const size_t ctx_size = sizeof(struct CapuletNetUdpContext);
+	const size_t total_size = 2 * packet_size + ctx_size;

 	raw_ptr = malloc(total_size);
 	if(!raw_ptr) {
@@ -30,9 +30,12 @@ bool capulet_net_udp_bind(struct CapuletNetUdpContext *ctx) {
 	int result;
 	int server_socket;

-	const size_t buffer_length = sizeof(struct CapuletNetUdpContext);
+	const size_t packet_size = sizeof(struct CapuletNetUdpPacket);
+	const size_t ctx_size = sizeof(struct CapuletNetUdpContext);
+	const size_t total_size = 2 * packet_size + ctx_size;
+
 	socklen_t client_addr_size = sizeof(struct sockaddr_storage);
-	char receive_buffer[buffer_length];
+	char receive_buffer[total_size];

 	// Set up bind address
 	memset(&server_hints, 0, sizeof(struct addrinfo));
@@ -64,15 +67,15 @@ bool capulet_net_udp_bind(struct CapuletNetUdpContext *ctx) {
 	freeaddrinfo(server_infos);

 	// XXX: blocking call in an user function
-	result = recvfrom(server_socket, receive_buffer, buffer_length, 0, &client_addr, &client_addr_size);
+	result = recvfrom(server_socket, receive_buffer, total_size, 0, &client_addr, &client_addr_size);
 	if(result == -1) {
 		perror("recvfrom error");
 		return false;
 	}

-	memcpy((void *) ctx->remote, (void *) receive_buffer, buffer_length);
+	memcpy((void *) ctx->remote, (void *) receive_buffer, total_size);

-	result = sendto(server_socket, (void *) ctx->local, buffer_length, MSG_CONFIRM, &client_addr, client_addr_size);
+	result = sendto(server_socket, (void *) ctx->local, total_size, MSG_CONFIRM, &client_addr, client_addr_size);
 	if(result == -1) {
 		perror("sendto error");
 		return false;
@@ -90,8 +93,11 @@ bool capulet_net_udp_connect(struct CapuletNetUdpContext *ctx, const char *hostn
 	int result;
 	int server_socket;

-	const size_t buffer_length = sizeof(struct CapuletNetUdpContext);
-	char receive_buffer[buffer_length];
+	const size_t packet_size = sizeof(struct CapuletNetUdpPacket);
+	const size_t ctx_size = sizeof(struct CapuletNetUdpContext);
+	const size_t total_size = 2 * packet_size + ctx_size;
+
+	char receive_buffer[total_size];

 	// Set up remote address
 	memset(&server_hints, 0, sizeof(struct addrinfo));
@@ -113,7 +119,7 @@ bool capulet_net_udp_connect(struct CapuletNetUdpContext *ctx, const char *hostn
 	}

 	// Create and send a query with full capabilities
-	result = sendto(server_socket, (void *) ctx->local, buffer_length, 0, server_infos->ai_addr, server_infos->ai_addrlen);
+	result = sendto(server_socket, (void *) ctx->local, total_size, 0, server_infos->ai_addr, server_infos->ai_addrlen);
 	if(result == -1) {
 		perror("sendto error");
 		return false;
@@ -121,13 +127,13 @@ bool capulet_net_udp_connect(struct CapuletNetUdpContext *ctx, const char *hostn

 	// Wait for informations from the server
 	// XXX: blocking call in an user function
-	result = recvfrom(server_socket, receive_buffer, buffer_length, 0, server_infos->ai_addr, &server_infos->ai_addrlen);
+	result = recvfrom(server_socket, receive_buffer, total_size, 0, server_infos->ai_addr, &server_infos->ai_addrlen);
 	if(result == -1) {
 		perror("recvfrom error");
 		return false;
 	}

-	memcpy((void *) ctx->remote, (void *) receive_buffer, buffer_length);
+	memcpy((void *) ctx->remote, (void *) receive_buffer, total_size);

 	close(server_socket);
 	freeaddrinfo(server_infos);