[ofa-general] [PATCH v3] ibutils/ibis: prevent buffer overflows
Yevgeny Kliteynik
kliteyn at dev.mellanox.co.il
Fri Oct 10 14:10:13 PDT 2008
Oren,
[v3 of the patch - fixing the signed-off line]
As discovered by Sasha, fixing two buffer overflows
in the .i files. Note that one of them is in typemap
of char array, which makes me wonder how this thing
even worked...
Please regenerate wrappers after this patch.
Signed-off-by: Sasha Khapyorsky <sashak at voltaire.com>
Signed-off-by: Yevgeny Kliteynik <kliteyn at dev.mellanox.co.il>
---
ibis/src/ibis_typemaps.i | 2 +-
ibis/src/ibsm.i | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ibis/src/ibis_typemaps.i b/ibis/src/ibis_typemaps.i
index b9449d2..4855e85 100644
--- a/ibis/src/ibis_typemaps.i
+++ b/ibis/src/ibis_typemaps.i
@@ -157,7 +157,7 @@
/* handle char arrays as members of a struct */
%typemap (tcl8, memberin) char [ANY] {
strncpy($target,$source,$dim0 - 1);
- $target[$dim0] = '\0';
+ $target[$dim0 - 1] = '\0';
}
%typemap(tcl8,out) ib_gid_t* {
diff --git a/ibis/src/ibsm.i b/ibis/src/ibsm.i
index 5979547..0e3d69b 100644
--- a/ibis/src/ibsm.i
+++ b/ibis/src/ibsm.i
@@ -642,7 +642,7 @@ typedef struct _ibsm_vl_arb_table
}
%typemap(tcl8,memberin) ibsm_node_desc_str_t[IB_NODE_DESCRIPTION_SIZE] {
strncpy((char *)$target,(char *)$source,IB_NODE_DESCRIPTION_SIZE - 1);
- $target[IB_NODE_DESCRIPTION_SIZE] = '\0';
+ $target[IB_NODE_DESCRIPTION_SIZE - 1] = '\0';
}
%typemap(tcl8,out) ibsm_node_desc_str_t[ANY] {
--
1.5.1.4
More information about the general
mailing list