overflow the buffer.
* debug/recvfrom_chk.c (__recvfrom_chk): Likewise.
2005-03-06 Ulrich Drepper <drepper@redhat.com>
+ * debug/recv_chk.c (__recv_chk): Always fail if request could
+ overflow the buffer.
+ * debug/recvfrom_chk.c (__recvfrom_chk): Likewise.
* socket/bits/socket2.h (recv): Avoid calls to the _chk variant if
we know the call succeeds.
(recvfrom): Likewise.
ssize_t
__recv_chk (int fd, void *buf, size_t n, size_t buflen, int flags)
{
- /* In case N is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
- ssize_t nrecv = __recv (fd, buf, MIN (n, buflen + 1), flags);
- if (nrecv > 0 && (size_t) nrecv > buflen)
+ if (n > buflen)
__chk_fail ();
- return nrecv;
+
+ return __recv (fd, buf, n, flags);
}
__recvfrom_chk (int fd, void *buf, size_t n, size_t buflen, int flags,
__SOCKADDR_ARG addr, socklen_t *addr_len)
{
- /* In case N is greater than BUFLEN, we read BUFLEN+1 bytes.
- This might overflow the buffer but the damage is reduced to just
- one byte. And the program will terminate right away. */
- ssize_t nrecv = __recvfrom (fd, buf, MIN (n, buflen + 1), flags,
- addr, addr_len);
- if (nrecv > 0 && (size_t) nrecv > buflen)
+ if (n > buflen)
__chk_fail ();
- return nrecv;
+
+ return __recvfrom (fd, buf, n, flags, addr, addr_len);
}