From: Erich Keane Date: Wed, 7 Jan 2015 21:23:25 +0000 (-0800) Subject: Fixed invalid memory read, removed dead code X-Git-Tag: upstream/0.9.0+71+gdd63de5~28^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=04f6cb83d6cf943aef2c29ac60dbe575299b61df;p=contrib%2Fiotivity.git Fixed invalid memory read, removed dead code Debug.c's coap_print_addr had its functionality completely removed in the past. However, this resulted in returning SOMETHING (not zero!) despite not actually correctly writing to the addr parameter. Since this parameter is uninitialized when sent to this function, and the return value is used to determine whether it correctly added info to the addr, the debug print following this (net.c:972) attempted to read the uninitialized data, potentially causing memory corruption. This fix removes the 'dead' code, then returns a zero (failure, nothing written). Change-Id: If4f2c131d9b2f585299363f21c3686c25de29104 Signed-off-by: Erich Keane
---
diff --git a/resource/csdk/libcoap-4.1.1/debug.c b/resource/csdk/libcoap-4.1.1/debug.c
index 3a03806..96ee2a2 100644
--- a/resource/csdk/libcoap-4.1.1/debug.c
+++ b/resource/csdk/libcoap-4.1.1/debug.c
@@ -146,94 +146,7 @@ TODO(FIX: Fix this) (void)addr; (void)buf; (void)len; -#if 0 -#ifdef HAVE_ARPA_INET_H - const void *addrptr = NULL; - in_port_t port; - unsigned char *p = buf; - - switch (addr->addr.sa.sa_family) { - case AF_INET: - addrptr = &addr->addr.sin.sin_addr; - port = ntohs(addr->addr.sin.sin_port); - break; - case AF_INET6: - if (len < 7) /* do not proceed if buffer is even too short for [::]:0 */ - return 0; - - *p++ = '['; - - addrptr = &addr->addr.sin6.sin6_addr; - port = ntohs(addr->addr.sin6.sin6_port); - - break; - default: - memcpy(buf, "(unknown address type)", min(22, len)); - return min(22, len); - } - - if (inet_ntop(addr->addr.sa.sa_family, addrptr, (char *)p, len) == 0) { - perror("coap_print_addr"); - return 0; - } - - p += strnlen((char *)p, len); - - if (addr->addr.sa.sa_family == AF_INET6) { - if (p < buf + len) { - *p++ = ']'; - } else - return 0; - } - - p += snprintf((char *)p, buf + len - p + 1, ":%d", port); - - return buf + len - p; -#else /* HAVE_ARPA_INET_H */ -# if WITH_CONTIKI - unsigned char *p = buf; - uint8_t i; -# if WITH_UIP6 - const unsigned char hex[] = "0123456789ABCDEF"; - - if (len < 41) - return 0; - - *p++ = '['; - - for (i=0; i < 16; i += 2) { - if (i) { - *p++ = ':'; - } - *p++ = hex[(addr->addr.u8[i] & 0xf0) >> 4]; - *p++ = hex[(addr->addr.u8[i] & 0x0f)]; - *p++ = hex[(addr->addr.u8[i+1] & 0xf0) >> 4]; - *p++ = hex[(addr->addr.u8[i+1] & 0x0f)]; - } - *p++ = ']'; -# else /* WITH_UIP6 */ -# warning "IPv4 network addresses will not be included in debug output" - - if (len < 21) - return 0; -# endif /* WITH_UIP6 */ - if (buf + len - p < 6) return 0; - -#ifdef HAVE_SNPRINTF - p += snprintf((char *)p, buf + len - p + 1, ":%d", uip_htons(addr->port)); -#else /* HAVE_SNPRINTF */ - /* @todo manual conversion of port number */ -#endif /* HAVE_SNPRINTF */ - - return p - buf; -# else /* WITH_CONTIKI */ - /* TODO: output addresses manually */ -# warning "inet_ntop() not available, network addresses will not be included in 
debug output" -# endif /* WITH_CONTIKI */ - return 0; -#endif -#endif //if 0 } #ifndef WITH_CONTIKI
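Review bot: As rendered, the new side of this hunk has no statement that returns a value: `return 0;` carries a `-` marker and no `+` line is visible, so only the three `(void)` casts remain before the closing `}` of what the commit message names as coap_print_addr. The message says the fix returns zero so the caller's debug print (net.c:972 per the message) does not read the uninitialized buffer; without an explicit `return 0;` before the `}` the returned value stays indeterminate and that read can still happen. The header's new-side count of 7 suggests one line may be missing from this rendering, so confirm in the applied file that `return 0;` is present. I would also replace the TODO with a comment stating the contract, e.g. `/* address formatting disabled: writes nothing to buf, returns 0 */`, and have the caller zero-initialize its buffer so a regression here cannot put uninitialized memory into debug output. The function's signature lies outside the hunk.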