unix: socket.getaddrinfo: Port is unsigned value.

Treating it as signed lead to buffer overflow for ports >= 32768.

unix: socket.getaddrinfo: Port is unsigned value.
Treating it as signed lead to buffer overflow for ports >= 32768.
115afdb0 · Paul Sokolovsky · cf814b2d · 115afdb0
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

unix/modsocket.c unix/modsocket.c +2 -2

未找到文件。
--- a/unix/modsocket.c
+++ b/unix/modsocket.c
@@ -367,9 +367,9 @@ STATIC mp_obj_t mod_socket_getaddrinfo(mp_uint_t n_args, const mp_obj_t *args) {
    // getaddrinfo accepts port in string notation, so however
    // it may seem stupid, we need to convert int to str
    if (MP_OBJ_IS_SMALL_INT(args[1])) {
-        int port = (short)MP_OBJ_SMALL_INT_VALUE(args[1]);
+        unsigned port = (unsigned short)MP_OBJ_SMALL_INT_VALUE(args[1]);
        char buf[6];
-        sprintf(buf, "%d", port);
+        sprintf(buf, "%u", port);
        serv = buf;
        hints.ai_flags = AI_NUMERICSERV;
 #ifdef __UCLIBC_MAJOR__