|author||Tom Tsou <firstname.lastname@example.org>||2016-04-28 21:55:17 -0700|
|committer||Tom Tsou <email@example.com>||2016-05-02 17:37:05 -0700|
common: Add mandatory length field to UDP receive calls
Current UDP receive reads up to MAX_UDP_LENGTH bytes into the passed in buffer, which may lead to buffer overflow if the write buffer is of insufficient size. Add mandatory length argument to UDP socket receive calls. Reported-by: Simone Margaritelli <firstname.lastname@example.org> Signed-off-by: Tom Tsou <email@example.com>
Diffstat (limited to 'CommonLibs/Sockets.h')
1 files changed, 2 insertions, 2 deletions
diff --git a/CommonLibs/Sockets.h b/CommonLibs/Sockets.h
index c79f79a..0a70269 100644
@@ -108,7 +108,7 @@ public:
@param buffer A char[MAX_UDP_LENGTH] procured by the caller.
@return The number of bytes received or -1 on non-blocking pass.
- int read(char* buffer);
+ int read(char* buffer, size_t length);
Receive a packet with a timeout.
@@ -116,7 +116,7 @@ public:
@param maximum wait time in milliseconds
@return The number of bytes received or -1 on timeout.
- int read(char* buffer, unsigned timeout);
+ int read(char* buffer, size_t length, unsigned timeout);
/** Send a packet to a given destination, other than the default. */