perfsonar / owamp

A tool for performing one-way or two-way active measurements
Apache License 2.0

Fix buffer overflow in recvfrom() #67

Closed larsch closed 3 years ago

larsch commented 3 years ago

There is a potential buffer overflow in calls to recvfrom() because the ep->payload buffer is not over-allocated sufficiently as stated in the comment in endpoint.c. I've changed it to be allocated like how it is used. It could also be the usage that is wrong (not sure).

https://github.com/perfsonar/owamp/blob/c17e794993e1688869c7dcd3a163c7e8fbc9636d/owamp/endpoint.c#L3501-L3504

This is the length eventually passed to recvfrom() (68 bytes)

https://github.com/perfsonar/owamp/blob/c17e794993e1688869c7dcd3a163c7e8fbc9636d/owamp/endpoint.c#L3506-L3508

This is how it is allocated (41 bytes):

https://github.com/perfsonar/owamp/blob/c17e794993e1688869c7dcd3a163c7e8fbc9636d/owamp/endpoint.c#L449-L459
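An added example, not code from this PR or from the owamp project: a receive helper that keeps the allocated capacity next to the pointer and clamps the length handed to the kernel, so a 68-byte request against a 41-byte buffer truncates instead of writing past the allocation. The `rx_buf` names and the socketpair test are assumptions; `recvmsg()` stands in for `recvfrom()` only so that the truncation flag can be read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Sizes quoted in the PR description; every name below is hypothetical. */
enum { ALLOC_LEN = 41, RECV_LEN = 68 };
struct rx_buf { unsigned char *data; size_t cap; };  /* cap = bytes allocated */

/* Allocate the buffer and record its capacity next to the pointer. */
static int rx_buf_init(struct rx_buf *b, size_t cap) {
    b->data = calloc(1, cap);
    b->cap = b->data ? cap : 0;
    return b->data ? 0 : -1;
}

/* Receive one datagram, never writing more than b->cap bytes even when the
 * caller asks for more. Sets *truncated when the datagram did not fit. */
static ssize_t rx_buf_recv(int fd, struct rx_buf *b, size_t want, int *truncated) {
    struct iovec iov = { .iov_base = b->data,
                         .iov_len = want < b->cap ? want : b->cap };
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    ssize_t n = recvmsg(fd, &msg, 0);  /* like recvfrom(), plus msg_flags */
    *truncated = n >= 0 && (msg.msg_flags & MSG_TRUNC) != 0;
    return n;
}

/* Constructed test: send a RECV_LEN-byte datagram over a local socketpair
 * into a buffer of `cap` bytes; returns the number of bytes stored. */
static ssize_t demo(size_t cap, int *truncated) {
    unsigned char pkt[RECV_LEN] = { 0 };
    struct rx_buf b;
    int sv[2];
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    if (rx_buf_init(&b, cap) == 0 && send(sv[0], pkt, sizeof pkt, 0) == RECV_LEN)
        n = rx_buf_recv(sv[1], &b, RECV_LEN, truncated);
    free(b.data);
    close(sv[0]); close(sv[1]);
    return n;
}

int main(void) {
    int t = 0; ssize_t n = demo(ALLOC_LEN, &t);
    printf("stored=%zd truncated=%d\n", n, t);
    return 0;
}
```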