  1. Thrift
  2. THRIFT-3062

C++ TServerSocket invalid port number (over 999999) causes stack corruption


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.2
    • Fix Version/s: 0.9.3
    • Component/s: C++ - Library

    Description

      In TServerSocket::listen() a buffer of size 7 is allocated for the string to numeric translation of the port number, defined as int:

        char port[sizeof("65536") + 1];
        ...
        sprintf(port, "%d", port_);

      An input of 1000000 or more will cause stack corruption. Recommend changing sprintf to something safer, or making a larger buffer. In this case, one can safely allocate a fixed size buffer on the stack to accommodate the largest result possible, avoiding the problem. Alternatively, ensure the input is bound, which is what TSocket::localOpen() does.
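The remedies the description recommends (a buffer sized for the largest possible result, a length-checked formatting call, and bounding the input), shown as an added C++ example; this is not Thrift's code and not the attached patch. `formatPort`, `neededFor` and `kIntStrMax` are hypothetical names, and the accepted range is assumed to be the TCP port range 0 to 65535.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Worst case for "%d": sign + every decimal digit of int + NUL.
// digits10 is one less than the maximum digit count, hence the +3.
constexpr std::size_t kIntStrMax = std::numeric_limits<int>::digits10 + 3;

// Bytes "%d" needs for a value, including the NUL, measured without writing.
std::size_t neededFor(int value) {
  int n = std::snprintf(nullptr, 0, "%d", value);
  return n < 0 ? 0 : static_cast<std::size_t>(n) + 1;
}

// Hypothetical helper: bound the port, then format it with a length-checked
// call. On any failure it returns false and leaves `out` as an empty string.
bool formatPort(int port, char* out, std::size_t outLen) {
  if (out == nullptr || outLen == 0) return false;
  out[0] = '\0';
  if (port < 0 || port > 0xFFFF) return false;  // reject out-of-range input
  int n = std::snprintf(out, outLen, "%d", port);
  if (n < 0 || static_cast<std::size_t>(n) >= outLen) {  // error or truncation
    out[0] = '\0';
    return false;
  }
  return true;
}

int main() {
  // The buffer from the report is 7 bytes; "1000000" plus its NUL needs 8.
  std::printf("reported buffer: %zu bytes, 1000000 needs %zu\n",
              sizeof("65536") + 1, neededFor(1000000));
  std::printf("worst-case int needs %zu, kIntStrMax is %zu\n",
              neededFor(std::numeric_limits<int>::min()), kIntStrMax);

  char port[kIntStrMax];
  const int samples[] = {9090, 65535, 1000000, -1};  // constructed inputs
  for (int p : samples) {
    bool ok = formatPort(p, port, sizeof(port));
    std::printf("%8d -> %s \"%s\"\n", p, ok ? "ok" : "rejected", port);
  }
  return 0;
}
```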

      Attachments

        1. THRIFT-3062.patch
          4 kB
          James E. King III


          People

            Assignee: jking3 James E. King III
            Reporter: jking3 James E. King III
            Votes: 1
            Watchers: 4
