From c3d21cb61f97109551536de0c28b3b8d0ad11e95 Mon Sep 17 00:00:00 2001 From: Dick Porter Date: Wed, 26 Apr 2006 15:22:22 +0000 Subject: [PATCH] 2006-04-26 Dick Porter * sockets.c (WSAIoctl): Check the output buffer is valid before writing to it. * handles.c (_wapi_search_handle): Set shared pointer if we find a shared handle that has been already opened. 2006-04-26 Dick Porter * socket-io.c (hostent_to_IPHostEntry2): Explicitly check for NULL dereference. svn path=/trunk/mono/; revision=59930 --- mono/io-layer/ChangeLog | 8 ++++++++ mono/io-layer/handles.c | 5 +++++ mono/io-layer/sockets.c | 8 +++++++- mono/metadata/ChangeLog | 5 +++++ mono/metadata/socket-io.c | 5 ++++- 5 files changed, 29 insertions(+), 2 deletions(-) diff --git a/mono/io-layer/ChangeLog b/mono/io-layer/ChangeLog index 51dbf696bad..e2f6b233659 100644 --- a/mono/io-layer/ChangeLog +++ b/mono/io-layer/ChangeLog @@ -1,3 +1,11 @@ +2006-04-26 Dick Porter + + * sockets.c (WSAIoctl): Check the output buffer is valid before + writing to it. + + * handles.c (_wapi_search_handle): Set shared pointer if we find a + shared handle that has been already opened. + 2006-04-21 Dick Porter * threads.c (GetCurrentThread): Reference the handle if we return diff --git a/mono/io-layer/handles.c b/mono/io-layer/handles.c index a27540bca6e..77f0a6c2c6e 100644 --- a/mono/io-layer/handles.c +++ b/mono/io-layer/handles.c @@ -673,6 +673,11 @@ gpointer _wapi_search_handle (WapiHandleType type, if (check (ret, user_data) == TRUE) { _wapi_handle_ref (ret); found = TRUE; + + if (_WAPI_SHARED_HANDLE (type)) { + shared = &_wapi_shared_layout->handles[i]; + } + break; } } diff --git a/mono/io-layer/sockets.c b/mono/io-layer/sockets.c index 51592e16417..f830414395f 100644 --- a/mono/io-layer/sockets.c +++ b/mono/io-layer/sockets.c @@ -794,9 +794,15 @@ WSAIoctl (guint32 fd, gint32 command, } else { /* We just copy the buffer to the output. Some ioctls * don't even output any data, but, well... + * + * NB windows returns WSAEFAULT if o_len is too small */ i_len = (i_len > o_len) ? o_len : i_len; - memcpy (output, buffer, i_len); + + if (i_len > 0 && output != NULL) { + memcpy (output, buffer, i_len); + } + g_free (buffer); *written = i_len; } diff --git a/mono/metadata/ChangeLog b/mono/metadata/ChangeLog index 8a569e81b53..7416fd24989 100644 --- a/mono/metadata/ChangeLog +++ b/mono/metadata/ChangeLog @@ -1,3 +1,8 @@ +2006-04-26 Dick Porter + + * socket-io.c (hostent_to_IPHostEntry2): Explicitly check for NULL + dereference. + 2006-04-25 Martin Baulig * mono-debug.h (MONO_DEBUGGER_VERSION): Bump to 56. diff --git a/mono/metadata/socket-io.c b/mono/metadata/socket-io.c index c10e2bf1173..831b59230d5 100644 --- a/mono/metadata/socket-io.c +++ b/mono/metadata/socket-io.c @@ -2187,7 +2187,8 @@ static gboolean hostent_to_IPHostEntry2(struct hostent *he1,struct hostent *he2, mono_array_setref (*h_aliases, i, alias); i++; } - } else if (family_hint == PF_UNSPEC || family_hint == PF_INET6) { + } else if (he2 != NULL && (family_hint == PF_UNSPEC || + family_hint == PF_INET6)) { *h_name=mono_string_new (domain, he2->h_name); i=0; @@ -2205,6 +2206,8 @@ static gboolean hostent_to_IPHostEntry2(struct hostent *he1,struct hostent *he2, mono_array_setref (*h_aliases, i, alias); i++; } + } else { + return(FALSE); } /* -- 2.25.1