The documented length of SRTO_RCVBUF and SRTO_SNDBUF socket options is 4 bytes, the code was setting 8 bytes without checking optlen. Hence producing an out-of-bound memory write.
Introduced since the start by PR #1109.
Affected SRT versions: v1.4.2+.
The documented length of
SRTO_RCVBUFandSRTO_SNDBUFsocket options is 4 bytes, the code was setting 8 bytes without checkingoptlen. Hence producing an out-of-bound memory write.Introduced since the start by PR #1109. Affected SRT versions: v1.4.2+.
Work within issue #3074.