[ofa-general] [PATCH v4] ibutils/ibis: prevent buffer overflows

Yevgeny Kliteynik kliteyn at dev.mellanox.co.il
Fri Oct 10 15:31:36 PDT 2008


Oren,

[v4 of the patch - fixing the signed-off]

As discovered by Sasha Khapyorsky <sashak at voltaire.com>,
fixing two buffer overflows in the .i files.
Note that one of them is in typemap of char array,
which makes me wonder how this thing even worked...

Please regenerate wrappers after this patch.

Signed-off-by: Yevgeny Kliteynik <kliteyn at dev.mellanox.co.il>
---
 ibis/src/ibis_typemaps.i |    2 +-
 ibis/src/ibsm.i          |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ibis/src/ibis_typemaps.i b/ibis/src/ibis_typemaps.i
index b9449d2..4855e85 100644
--- a/ibis/src/ibis_typemaps.i
+++ b/ibis/src/ibis_typemaps.i
@@ -157,7 +157,7 @@
 /* handle char arrays as members of a struct */
 %typemap (tcl8, memberin) char [ANY] {
   strncpy($target,$source,$dim0 - 1);
-  $target[$dim0] = '\0';
+  $target[$dim0 - 1] = '\0';
 }

 %typemap(tcl8,out) ib_gid_t* {
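Review bot: the strncpy() in the char [ANY] memberin typemap still truncates silently, so a source string longer than $dim0 - 1 bytes is cut short with nothing reported to the Tcl caller. The index change itself is correct: the old `$target[$dim0] = '\0';` wrote a NUL one byte past the end of the member, and `$dim0 - 1` is the last valid element. Consider checking the length of $source against $dim0 - 1 and failing the assignment, or at least extending the comment above the typemap to say that longer values are truncated. The commit message would also be easier to find later if it named the defect as a one-byte out-of-bounds NUL write in the two memberin typemaps.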
diff --git a/ibis/src/ibsm.i b/ibis/src/ibsm.i
index 5979547..0e3d69b 100644
--- a/ibis/src/ibsm.i
+++ b/ibis/src/ibsm.i
@@ -642,7 +642,7 @@ typedef struct _ibsm_vl_arb_table
 }
 %typemap(tcl8,memberin) ibsm_node_desc_str_t[IB_NODE_DESCRIPTION_SIZE] {
   strncpy((char *)$target,(char *)$source,IB_NODE_DESCRIPTION_SIZE - 1);
-  $target[IB_NODE_DESCRIPTION_SIZE] = '\0';
+  $target[IB_NODE_DESCRIPTION_SIZE - 1] = '\0';
 }

 %typemap(tcl8,out) ibsm_node_desc_str_t[ANY] {
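Review bot: the ibsm_node_desc_str_t memberin typemap hard-codes IB_NODE_DESCRIPTION_SIZE in both the strncpy() length and the terminator index, while the char [ANY] typemap in ibis_typemaps.i derives both from $dim0. If $dim0 is usable here, taking the bound from the declared dimension would keep the copy length and the terminator index from drifting apart again. Separately, with the copy capped at IB_NODE_DESCRIPTION_SIZE - 1 and the last byte forced to '\0', a description that needs all IB_NODE_DESCRIPTION_SIZE bytes cannot be set through this wrapper. If that limit is intended, a one-line comment on the typemap would make it explicit.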
-- 
1.5.1.4


