PCR 5906 - sendto() does not initialize message properly when to is NULL
Summary: sendto() does not initialize message properly when to is NULL
Status: CLOSED FIXED
Alias: None
Product: Socket
Classification: Deos
Component: sal
Version: Mainline
Hardware: All Deos
: By Cert
: Limitation
Target Milestone: mainline
Assignee: .Socket
 
Reported: 2009-05-14 13:23 MST by thomas.taranowski
Modified: 2010-06-17 13:13 MST
jriedmann: Requirements+
jriedmann: Code+
jriedmann: TestCases+
jriedmann: TestProcedures+
jriedmann: Other+


Description thomas.taranowski 2009-05-14 13:23:09 MST
The following scenario is not handled in the following SAL API:

SALBASEAPI int SALAPI sendto(int s, PFCCHAR buf, int len, int flags, PCSOCKADDR to, int tolen)
 

When calling sendto with to=NULL, and tolen=non-zero, the to and the tolen fields in the dataMessageType structure are not initialized.

 
Existing code:
if (to)
  {
    dataMessage->op.sendto.to = *to;
    dataMessage->op.sendto.tolen = tolen;
  }
 


The above code assumes that the envelope the dataMessage is being copied into has been cleared, which is not the case.

There is a missing else clause:

else
  {
    memset(&dataMessage->op.sendto.to, 0, sizeof(dataMessage->op.sendto.to));
    dataMessage->op.sendto.tolen = 0;
  }

With the added else clause, if I don’t pass in a 'to', the 'tolen' field is initialized correctly to 0.  If this is not done, when I pass a null 'to' into the function, the 'to' and 'tolen' are not defined.
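The scenario from the description, as an added example that is not part of the original PCR or the Deos SAL source: one message envelope is reused for two sends without being cleared, and the second call passes to=NULL with a non-zero tolen. The type layouts, fill_before, fill_after, send_twice and the sample address are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins: the real SAL type layouts are not shown in the PCR. */
typedef struct { unsigned short family; unsigned char data[14]; } SOCKADDR;
typedef const SOCKADDR *PCSOCKADDR;
typedef struct { struct { struct { SOCKADDR to; int tolen; } sendto; } op; } dataMessageType;
typedef void (*fill_fn)(dataMessageType *, PCSOCKADDR, int);

/* As reported: the fields are written only when 'to' is non-NULL. */
static void fill_before(dataMessageType *dataMessage, PCSOCKADDR to, int tolen)
{
    if (to) {
        dataMessage->op.sendto.to = *to;
        dataMessage->op.sendto.tolen = tolen;
    }
}

/* With the else clause: a NULL 'to' yields a zeroed address and tolen 0. */
static void fill_after(dataMessageType *dataMessage, PCSOCKADDR to, int tolen)
{
    if (to) {
        dataMessage->op.sendto.to = *to;
        dataMessage->op.sendto.tolen = tolen;
    } else {
        memset(&dataMessage->op.sendto.to, 0, sizeof(dataMessage->op.sendto.to));
        dataMessage->op.sendto.tolen = 0;
    }
}

/* Reuse one envelope for two sends without clearing it; the second has to == NULL. */
static dataMessageType send_twice(fill_fn fill)
{
    dataMessageType envelope;
    SOCKADDR peer = { 2, { 0x1f, 0x90, 10, 0, 0, 7 } };  /* constructed sample */
    memset(&envelope, 0xAA, sizeof envelope);   /* envelope starts with junk */
    fill(&envelope, &peer, (int)sizeof peer);
    fill(&envelope, NULL, (int)sizeof peer);    /* to == NULL, tolen non-zero */
    return envelope;
}

static int seen_tolen(fill_fn fill) { return send_twice(fill).op.sendto.tolen; }
static int seen_family(fill_fn fill) { return send_twice(fill).op.sendto.to.family; }

int main(void)
{
    printf("before: tolen=%d family=%d\n", seen_tolen(fill_before), seen_family(fill_before));
    printf("after:  tolen=%d family=%d\n", seen_tolen(fill_after), seen_family(fill_after));
    return 0;
}
```

With fill_before the second message still carries the first call's address and length; with fill_after both fields are zero.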
Comment 1 thomas.taranowski 2009-05-20 11:14:41 MST
This limitation can be overcome by ensuring that the tolen is correct for the API call. A positive tolen should not be used when the to parameter is not set (NULL or invalid).
Comment 2 deosbugs.ccb 2010-03-25 15:05:00 MST
CCB visited this PCR on 2010-03-25.
Comment 3 jriedmann 2010-04-09 16:40:04 MST
Committed SVNRevision 15910.

Added code to clear the 'to' and 'tolen' parameter values sent to the network process when 'to' is null. Also updated the requirements, user guide, and release notes.
Comment 4 Adina Roffelsen 2010-06-02 15:13:22 MST
Committed SVNRevision 16374.  Applies to PCR 5906, PCR 5714

Added test cases, test procedures, and modified can file.  Updated makefile to support startup library change.
Comment 5 Adina Roffelsen 2010-06-11 11:47:03 MST
Committed SVNRevision 16463.

Fix typo in test procedure comment.
Comment 6 Adina Roffelsen 2010-06-11 11:48:38 MST
Committed SVNRevision 16464.

Fix typo in test case as part of review feedback.
Comment 7 deosbugs.ccb 2010-06-17 13:04:25 MST
CCB visited this PCR on 2010-06-17.