Fix crash during UDP segmentation due to stack garbage

CMSG_NXTHDR() tries to read the _next_ message to check if it fits in
the provided control buffer length. If that part of the stack has some
large value stored in the uninitialized cmsg_len there, CMSG_NXTHDR()
will return NULL and we will crash.
Cameron Gutman 2023-10-01 23:29:00 -05:00
parent f76879eb0d
commit 1303defb67

@ -301,7 +301,7 @@ namespace platf {
char buf[CMSG_SPACE(sizeof(uint16_t)) +
std::max(CMSG_SPACE(sizeof(struct in_pktinfo)), CMSG_SPACE(sizeof(struct in6_pktinfo)))];
struct cmsghdr alignment;
} cmbuf;
} cmbuf = {}; // Must be zeroed for CMSG_NXTHDR()
socklen_t cmbuflen = 0;
msg.msg_control = cmbuf.buf;
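Review bot: at `} cmbuf = {};` the comment says the buffer must be zeroed for CMSG_NXTHDR() but not why. Per the commit message, CMSG_NXTHDR() reads the next header's `cmsg_len` before the caller has written it, and saying so in the comment would keep the initializer from being dropped later as redundant. The commit message also attributes the crash to using the NULL that CMSG_NXTHDR() returns, so the code that walks this buffer (outside this hunk) should check that return value rather than depend on the zeroed buffer alone.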