Fixes potential buffer overflow in getsockopt for timevals

struct timeval is a possible return value of getsockopt (e.g. SO_RCVTIMEO and SO_SNDTIMEO), but it is not included in the scm_t_getsockopt_result union, which may then be too small (and is on Debian amd64). * libguile/socket.c: add struct timeval to scm_t_getsockopt union [rlb@defaultvalue.org: adjust commit message; add NEWS] Closes: 76907
2025-04-29 19:30:36 +02:00 · 2025-03-08 18:42:35 -08:00 · 2025-03-08 18:42:35 -08:00 · 4af6331a65
commit 4af6331a65
parent 402e0dfa33
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@ -96,6 +96,8 @@ every line in a file.
 ** r6rs-ports.test custom ports tests should no longer fail on stray closes
   Previously the custom ports weren't explicitly closed, causing
   GC-related closes to produce spurious "log" events in other tests.
+** getsockopt no longer risks a buffer overrun with timestamps
+   (<https://bugs.gnu.org/76907>)


 Changes in 3.0.10 (since 3.0.9)
--- a/libguile/socket.c
+++ b/libguile/socket.c
@ -1,4 +1,4 @@
-/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022
+/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022,2025
     Free Software Foundation, Inc.

   This file is part of Guile.
@ -454,6 +454,7 @@ typedef union
 #endif
  size_t size;
  int    integer;
+  struct timeval timeval;
 } scm_t_getsockopt_result;

 SCM_DEFINE (scm_getsockopt, "getsockopt", 3, 0, 0,