From 4af6331a65af74f31585c04e70f1b8cbd320159d Mon Sep 17 00:00:00 2001 From: Michael Gran Date: Sat, 8 Mar 2025 18:42:35 -0800 Subject: [PATCH] Fixes potential buffer overflow in getsockopt for timevals struct timeval is a possible return value of getsockopt (e.g. SO_RCVTIMEO and SO_SNDTIMEO), but it is not included in the scm_t_getsockopt_result union, which may then be too small (and is on Debian amd64). * libguile/socket.c: add struct timeval to scm_t_getsockopt union [rlb@defaultvalue.org: adjust commit message; add NEWS] Closes: 76907
---
 NEWS | 2 ++
 libguile/socket.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 551662867..394a7a78d 100644
--- a/NEWS
+++ b/NEWS
@@ -96,6 +96,8 @@ every line in a file.
 ** r6rs-ports.test custom ports tests should no longer fail on stray closes Previously the custom ports weren't explicitly closed, causing GC-related closes to produce spurious "log" events in other tests.
+** getsockopt no longer risks a buffer overrun with timestamps
+ ()
 Changes in 3.0.10 (since 3.0.9)
diff --git a/libguile/socket.c b/libguile/socket.c
index 101afd80d..aa012c919 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1,4 +1,4 @@
-/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022
+/* Copyright 1996-1998,2000-2007,2009,2011-2015,2018,2021,2022,2025
 Free Software Foundation, Inc.
 
 This file is part of Guile.
@@ -454,6 +454,7 @@ typedef union
 #endif
 size_t size;
 int integer;
+ struct timeval timeval;
 } scm_t_getsockopt_result;
 
 SCM_DEFINE (scm_getsockopt, "getsockopt", 3, 0, 0,
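Review bot: The `scm_t_getsockopt_result` union in the second libguile/socket.c hunk still carries no comment stating the invariant this fix depends on, namely that it must be at least as large as every value type getsockopt can write for the options `scm_getsockopt` handles. Adding `struct timeval` covers SO_RCVTIMEO and SO_SNDTIMEO, but any other option whose result is larger than the current members would presumably reintroduce the same overrun, so a comment above the typedef such as `/* Must be large enough for any option value getsockopt may return; add a member for each new value type. */` would make the rule explicit. The call site lies outside the hunk, so it is worth confirming there that the length handed to getsockopt is `sizeof (scm_t_getsockopt_result)` rather than a per-option size, which would let the kernel truncate instead of overrunning. The members just above sit under a preprocessor guard (the `#endif` in the context), while the new member is unconditional; check that `struct timeval` is declared on every platform this file builds for.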