From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:37003) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RKuSe-0006lR-90 for qemu-devel@nongnu.org; Mon, 31 Oct 2011 12:11:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RKuSc-0004Fk-QS for qemu-devel@nongnu.org; Mon, 31 Oct 2011 12:11:44 -0400 Received: from oxygen.pond.sub.org ([78.46.104.156]:49001) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RKuSc-0004FB-KM for qemu-devel@nongnu.org; Mon, 31 Oct 2011 12:11:42 -0400 From: Markus Armbruster Date: Mon, 31 Oct 2011 17:11:37 +0100 Message-Id: <1320077498-692-2-git-send-email-armbru@redhat.com> In-Reply-To: <1320077498-692-1-git-send-email-armbru@redhat.com> References: <1320077498-692-1-git-send-email-armbru@redhat.com> Subject: [Qemu-devel] [PATCH 1/2] net: socket backend passes junk size to getsockname(), fix List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: aliguori@us.ibm.com net_socket_fd_init_dgram() passes an uninitialized address length to getsockname(). I guess this happens to work as long as the junk value is at least sizeof(sockaddr_in). Spotted by Coverity. Signed-off-by: Markus Armbruster --- net/socket.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/socket.c b/net/socket.c index e9ef128..eb3e0d6 100644 --- a/net/socket.c +++ b/net/socket.c @@ -260,6 +260,7 @@ static NetSocketState *net_socket_fd_init_dgram(VLANState *vlan, */ if (is_connected) { + saddr_len = sizeof(saddr); if (getsockname(fd, (struct sockaddr *) &saddr, &saddr_len) == 0) { /* must be bound */ if (saddr.sin_addr.s_addr==0) { -- 1.7.6.4
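Review bot: In the context line right after the getsockname() call, `saddr.sin_addr.s_addr==0` is still read without checking what getsockname() actually returned. With the added `saddr_len = sizeof(saddr);` the call can no longer write past saddr. But if fd is not an IPv4 socket, the result is either truncated to that size or is a shorter address of another family, and the sin_addr test then interprets unrelated bytes. Consider testing `saddr.sin_family == AF_INET`, and that the returned saddr_len covers a sockaddr_in, before the "must be bound" check, failing with an error otherwise. Placing the assignment directly before the call is the right spot, since getsockname() overwrites the length on return. The commit message could also say what a too-small junk value did (a silently truncated address) instead of "I guess this happens to work".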