* debug/recv_chk.c (__recv_chk): Always fail if request could

overflow the buffer. * debug/recvfrom_chk.c (__recvfrom_chk): Likewise.
author: Ulrich Drepper <drepper@redhat.com> 2005-03-06 21:25:22 +0000
committer: Ulrich Drepper <drepper@redhat.com> 2005-03-06 21:25:22 +0000
commit: 84c33ccbbe045d3b074d63504b4d5fad4dc253e6 (patch)
tree: 3fb35293bf8aa59953b42182606de71fd65cd4f3 /debug/recv_chk.c
parent: 5dc2883e54cd2ceec387d6fb3b889f86b9831a87 (diff)
download: glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.gz
glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.xz
glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.zip
1 files changed, 3 insertions, 6 deletions
diff --git a/debug/recv_chk.c b/debug/recv_chk.c
index 7a49d17234..479ebdfe72 100644
--- a/debug/recv_chk.c
+++ b/debug/recv_chk.c
@@ -23,11 +23,8 @@
 ssize_t
 __recv_chk (int fd, void *buf, size_t n, size_t buflen, int flags)
 {
-  /* In case N is greater than BUFLEN, we read BUFLEN+1 bytes.
-     This might overflow the buffer but the damage is reduced to just
-     one byte.  And the program will terminate right away.  */
-  ssize_t nrecv = __recv (fd, buf, MIN (n, buflen + 1), flags);
-  if (nrecv > 0 && (size_t) nrecv > buflen)
+  if (n > buflen)
     __chk_fail ();
-  return nrecv;
+
+  return __recv (fd, buf, n, flags);
 }
author	Ulrich Drepper <drepper@redhat.com>	2005-03-06 21:25:22 +0000
committer	Ulrich Drepper <drepper@redhat.com>	2005-03-06 21:25:22 +0000
commit	84c33ccbbe045d3b074d63504b4d5fad4dc253e6 (patch)
tree	3fb35293bf8aa59953b42182606de71fd65cd4f3 /debug/recv_chk.c
parent	5dc2883e54cd2ceec387d6fb3b889f86b9831a87 (diff)
download	glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.gz glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.tar.xz glibc-84c33ccbbe045d3b074d63504b4d5fad4dc253e6.zip