  1. Thrift
  2. THRIFT-3062

C++ TServerSocket invalid port number (over 999999) causes stack corruption


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.2
    • Fix Version/s: 0.9.3
    • Component/s: C++ - Library

    Description

      In TServerSocket::listen() a buffer of size 7 is allocated for the string to numeric translation of the port number, defined as int:

        char port[sizeof("65536") + 1];
        ...
        sprintf(port, "%d", port_);

      An input of 1000000 or more will cause stack corruption. Recommend changing sprintf to something safer, or making a larger buffer. In this case, one can safely allocate a fixed size buffer on the stack to accommodate the largest result possible, avoiding the problem. Alternatively, ensure the input is bound, which is what TSocket::localOpen() does.
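
      An added example, not the Thrift source or the attached patch: it measures how many bytes the `%d` conversion needs against the 7-byte buffer from the report, then shows both suggested remedies together, a buffer sized for any `int` and a bounded input. All helper names are hypothetical, and the accepted range 0..65535 is an assumption.

```cpp
// Added example, not Thrift source: bounded port-to-string conversion.
#include <cstdio>
#include <cstddef>
#include <limits>
#include <string>

// Worst-case decimal length of any int: digits10 + 1 digits, plus a sign.
constexpr std::size_t kIntChars = std::numeric_limits<int>::digits10 + 2;

// Original sizing from the report: sizeof("65536") + 1 == 7 bytes.
constexpr std::size_t kReportedBuf = sizeof("65536") + 1;

// Bytes that sprintf(buf, "%d", value) would write, including the NUL.
// snprintf with a null buffer and size 0 only measures; nothing is written.
std::size_t bytes_needed(int value) {
  int n = std::snprintf(nullptr, 0, "%d", value);
  return n < 0 ? 0 : static_cast<std::size_t>(n) + 1;
}

// True when the 7-byte buffer from the report would be overrun.
bool overflows_reported_buffer(int value) {
  return bytes_needed(value) > kReportedBuf;
}

// Hardened conversion (hypothetical helper): reject ports outside 0..65535
// (assumed range), then format into a buffer large enough for any int.
bool port_to_string(int port, std::string& out) {
  if (port < 0 || port > 0xFFFF) return false;   // bound the input
  char buf[kIntChars + 1];                        // +1 for the NUL
  int n = std::snprintf(buf, sizeof(buf), "%d", port);
  if (n < 0 || static_cast<std::size_t>(n) >= sizeof(buf)) return false;
  out.assign(buf, static_cast<std::size_t>(n));
  return true;
}

int main() {
  const int samples[] = {9090, 65535, 999999, 1000000, -100000};  // constructed inputs
  for (int p : samples) {
    std::string s;
    bool ok = port_to_string(p, s);
    std::printf("%8d needs %zu bytes, overflows 7-byte buffer: %s, accepted: %s\n",
                p, bytes_needed(p), overflows_reported_buffer(p) ? "yes" : "no",
                ok ? s.c_str() : "no");
  }
  return 0;
}
```

      The constructed negative sample is included because a sign character consumes a byte as well, so `-100000` needs as many bytes as `1000000`.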

      Attachments

        1. THRIFT-3062.patch
          4 kB
          James E. King III

            People

              jking3 James E. King III