Open ghost opened 3 years ago
@youngwolf-project commented on Nov 5, 2018, 5:35 AM UTC:
I feel that 'int address_length = sizeof(sockaddr_storage_type);' is just to get the max size of the four members in union address, and sockaddr_storage_type should be the biggest one. If so, then the original code is right, but I feel that we should change the code like this: int address_length = sizeof(address);
@TejasSonawan commented on Nov 1, 2018, 6:05 PM UTC:
The static code analyser tool "Fortify" found a critical error in boost/asio in the following file:
Lib/boost/boost/asio/detail/impl/socket_ops.ipp : 2198
Summary: The function inet_pton() in socket_ops.ipp writes outside the bounds of base on line 2198, which could corrupt data, cause the program to crash, or lead to the execution of malicious code. The program writes outside the bounds of allocated memory, which could corrupt data, crash the program, or lead to the execution of malicious code.
```cpp
// Excerpt from inet_pton() in socket_ops.ipp, as quoted in the report.
union
{
  socket_addr_type base;
  sockaddr_storage_type storage;
  sockaddr_in4_type v4;
  sockaddr_in6_type v6;
} address;
int address_length = sizeof(sockaddr_storage_type);
#if defined(BOOST_NO_ANSI_APIS) || (defined(_MSC_VER) && (_MSC_VER >= 1800))
int num_wide_chars = static_cast<int>(strlen(src)) + 1;
LPWSTR wide_buffer = (LPWSTR)_alloca(num_wide_chars * sizeof(WCHAR));
::MultiByteToWideChar(CP_ACP, 0, src, -1, wide_buffer, num_wide_chars);
int result = error_wrapper(::WSAStringToAddressW(
      wide_buffer, af, 0, &address.base, &address_length), ec);
#else
int result = error_wrapper(::WSAStringToAddressA(
      const_cast<char*>(src), af, 0, &address.base, &address_length), ec);
#endif
```
By modifying the line below, the error disappears.
Original line: `int address_length = sizeof(sockaddr_storage_type);`
Changed to: `int address_length = sizeof(socket_addr_type);`
Could you please check and make the correction?
This issue was moved by chriskohlhoff from boostorg/asio#160.
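An added example, not part of the issue thread and not Boost.Asio's code: a POSIX C model of the in/out length contract that `WSAStringToAddress` follows (capacity in, bytes used out, required size reported when the buffer is too small), showing what each candidate value of `address_length` permits. The names `address_buf`, `parse_checked`, `try_with_capacity` and the return codes are hypothetical, and the sample addresses in the usage are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Same shape as the union in the quoted snippet, using POSIX type names. */
union address_buf {
    struct sockaddr base;
    struct sockaddr_storage storage;
    struct sockaddr_in v4;
    struct sockaddr_in6 v6;
};

/* Hypothetical stand-in for a parser with an in/out length argument:
 * *len is the caller's capacity on entry and the bytes used on success.
 * Returns 0 on success, -1 on a bad string or family, -2 if the buffer is
 * too small (then *len holds the required size and out is not written). */
int parse_checked(int af, const char *src, struct sockaddr *out, int *len)
{
    union address_buf tmp;
    int need;
    memset(&tmp, 0, sizeof tmp);
    if (af == AF_INET) {
        need = (int)sizeof tmp.v4;
        tmp.v4.sin_family = AF_INET;
        if (inet_pton(AF_INET, src, &tmp.v4.sin_addr) != 1) return -1;
    } else if (af == AF_INET6) {
        need = (int)sizeof tmp.v6;
        tmp.v6.sin6_family = AF_INET6;
        if (inet_pton(AF_INET6, src, &tmp.v6.sin6_addr) != 1) return -1;
    } else {
        return -1;
    }
    if (*len < need) { *len = need; return -2; }  /* refuse, never truncate */
    memcpy(out, &tmp, (size_t)need);
    *len = need;
    return 0;
}

/* The real buffer is always the whole union; only the declared capacity varies. */
int try_with_capacity(int af, const char *src, int capacity)
{
    union address_buf address;
    int len = capacity;
    return parse_checked(af, src, &address.base, &len);
}
```

A declared capacity of `sizeof(struct sockaddr_storage)` stays within the union and accepts both families, while `sizeof(struct sockaddr)` makes the IPv6 parse fail with the "buffer too small" code.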