  1. Thrift
  2. THRIFT-3062

C++ TServerSocket invalid port number (over 999999) causes stack corruption


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.2
    • Fix Version/s: 0.9.3
    • Component/s: C++ - Library
    • Labels:

      Description

      In TServerSocket::listen() a buffer of size 7 is allocated for the string to numeric translation of the port number, defined as int:

        char port[sizeof("65536") + 1];
        ...
        sprintf(port, "%d", port_);

      An input of 1000000 or more will cause stack corruption. Recommend changing sprintf to something safer, or making a larger buffer. In this case, one can safely allocate a fixed size buffer on the stack to accommodate the largest result possible, avoiding the problem. Alternatively, ensure the input is bound, which is what TSocket::localOpen() does.
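The two remedies named in the description, shown together as an added example; this is not code from the report, the attached patch, or the Thrift source. The helper names (`bytes_needed`, `overflows_reported_buffer`, `format_port`) are hypothetical, and the accepted range of 0 to 65535 is an assumption.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <string>

// Size of the buffer quoted in the report: sizeof("65536") + 1 == 7 bytes.
constexpr std::size_t kReportedBufSize = sizeof("65536") + 1;

// Largest "%d" rendering of any int: digits10 + 1 digits, an optional '-', and the NUL.
constexpr std::size_t kIntStrMax = std::numeric_limits<int>::digits10 + 3;

// Bytes (including the NUL) that "%d" needs; snprintf(nullptr, 0, ...) only measures.
std::size_t bytes_needed(int value) {
  return static_cast<std::size_t>(std::snprintf(nullptr, 0, "%d", value)) + 1;
}

// True when an unbounded sprintf of this value would write past the 7-byte buffer.
bool overflows_reported_buffer(int value) {
  return bytes_needed(value) > kReportedBufSize;
}

// Hypothetical helper: bound the input first, then format with a size-checked call
// into a buffer large enough for any int. Leaves `out` untouched on failure.
bool format_port(int port, std::string& out) {
  if (port < 0 || port > 65535) return false;  // assumed valid range
  char buf[kIntStrMax];
  int n = std::snprintf(buf, sizeof(buf), "%d", port);
  if (n < 0 || static_cast<std::size_t>(n) >= sizeof(buf)) return false;
  out.assign(buf, static_cast<std::size_t>(n));
  return true;
}

int main() {
  // Constructed sample inputs around the boundary described in the report.
  const int samples[] = {9090, 65535, 999999, 1000000, std::numeric_limits<int>::max()};
  for (int p : samples) {
    std::string s;
    bool ok = format_port(p, s);
    std::printf("%-10d needs %zu bytes, overflows char[7]: %s, accepted: %s\n", p,
                bytes_needed(p), overflows_reported_buffer(p) ? "yes" : "no",
                ok ? s.c_str() : "no");
  }
  return 0;
}
```
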

        Attachments

        1. THRIFT-3062.patch
          4 kB
          James E. King III

              People

              • Assignee:
                jking3 James E. King III
                Reporter:
                jking3 James E. King III