GNU bug report logs - #45595
recvfrom! optional start and end parameter invalid

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guile; Reported by: d4ryus <d4ryus@HIDDEN>; Done: lloda <lloda@HIDDEN>; Maintainer for guile is bug-guile@HIDDEN.

Message received at 45595-done <at> debbugs.gnu.org:


Received: (at 45595-done) by debbugs.gnu.org; 3 Nov 2021 18:29:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Nov 03 14:29:14 2021
Received: from localhost ([127.0.0.1]:41195 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1miL0c-0001PG-0W
	for submit <at> debbugs.gnu.org; Wed, 03 Nov 2021 14:29:14 -0400
Received: from mta-09-4.privateemail.com ([68.65.122.29]:48192)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lloda@HIDDEN>) id 1miL0a-0001Oy-6X
 for 45595-done <at> debbugs.gnu.org; Wed, 03 Nov 2021 14:29:12 -0400
Received: from mta-09.privateemail.com (localhost [127.0.0.1])
 by mta-09.privateemail.com (Postfix) with ESMTP id 16E9B18000A6
 for <45595-done <at> debbugs.gnu.org>; Wed,  3 Nov 2021 14:29:06 -0400 (EDT)
Received: from [192.168.1.105] (unknown [10.20.151.232])
 by mta-09.privateemail.com (Postfix) with ESMTPA id 960D918000A2
 for <45595-done <at> debbugs.gnu.org>; Wed,  3 Nov 2021 14:29:05 -0400 (EDT)
From: lloda <lloda@HIDDEN>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Subject: Re: recvfrom! optional start and end parameter invalid
Message-Id: <658A0848-76C3-4ABE-B543-455AFC965623@HIDDEN>
Date: Wed, 3 Nov 2021 19:29:03 +0100
To: 45595-done <at> debbugs.gnu.org
X-Mailer: Apple Mail (2.3608.120.23.2.7)
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Score: 3.7 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hi, Your patch didn't allow for start == end, which is valid
 as far as I can tell. With that amended,
 applied in 1a8294f495cb202f8fcd0f260627c58e7a4c4d10. Thanks! 
 Content analysis details:   (3.7 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
 [68.65.122.29 listed in wl.mailspike.net]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 3.7 FAKE_REPLY_B           No description available.
X-Debbugs-Envelope-To: 45595-done
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.7 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, Your patch didn't allow for start == end, which is valid
    as far as I can tell. With that amended, applied in 1a8294f495cb202f8fcd0f260627c58e7a4c4d10.
    Thanks! 
 
 Content analysis details:   (2.7 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [68.65.122.29 listed in wl.mailspike.net]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager
  3.7 FAKE_REPLY_B           No description available.


Hi,

Your patch didn't allow for start =3D=3D end, which is valid as far as I =
can tell.

With that amended, applied in 1a8294f495cb202f8fcd0f260627c58e7a4c4d10. =
Thanks!






Notification sent to d4ryus <d4ryus@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to lloda <lloda@HIDDEN>:
You have taken responsibility. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 1 Jan 2021 14:58:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 01 09:58:35 2021
Received: from localhost ([127.0.0.1]:34085 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kvLsx-0004Fi-6V
	for submit <at> debbugs.gnu.org; Fri, 01 Jan 2021 09:58:35 -0500
Received: from lists.gnu.org ([209.51.188.17]:35828)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <d4ryus@HIDDEN>) id 1kvIiA-00011R-Rx
 for submit <at> debbugs.gnu.org; Fri, 01 Jan 2021 06:35:15 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:49126)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <d4ryus@HIDDEN>)
 id 1kvIiA-0002oo-K6
 for bug-guile@HIDDEN; Fri, 01 Jan 2021 06:35:14 -0500
Received: from mout-p-201.mailbox.org ([80.241.56.171]:26690)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
 (Exim 4.90_1) (envelope-from <d4ryus@HIDDEN>)
 id 1kvIi4-00010i-BD
 for bug-guile@HIDDEN; Fri, 01 Jan 2021 06:35:12 -0500
Received: from smtp2.mailbox.org (smtp2.mailbox.org
 [IPv6:2001:67c:2050:105:465:1:2:0])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest
 SHA256) (No client certificate requested)
 by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4D6jcP4qV1zQlXV
 for <bug-guile@HIDDEN>; Fri,  1 Jan 2021 12:35:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h=
 content-disposition:content-type:content-type:mime-version
 :message-id:subject:subject:from:from:date:date:received; s=
 mail20150812; t=1609500898; bh=3ST0/BlxKz2fk4D6oJusySjaqBRytibng
 jbROLX/lds=; b=GQNCTIlUBrl4EDBIjqeLtshWVHvHDodDkr8qZ3vj4LNLk2dU5
 9SdvQNaUVWEjPc1Gn+VKsQabbvmEgU4z2MgqtR1G8q3YHDWLFX01e8E0O+QGheh/
 MJsv+9K2QnXZMAgLjESwvTXXzvmY9xVSPSOZ1Uc/Wdd+lG3skcFGP54OcE5uGMeh
 A3KPe8EUF7maMzmN6uJKZgjvECF3sPBOMLUVj4De71bKAM3hcngaJwvUeucWtFCU
 RI/JK+V4lvsxm/FTzyf4Fm7lKpMiec9D5KvOt0WASmK6zK5FUW1/pafC/djwy9qr
 yavvrXyRdyUK7G/cDDp6/ifI1J1k8vOaCLKXA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mailbox.org;
 s=mail20150812; t=1609500899;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=UdnfZgwBVvMjaPzzNashQPc8KYkARyfvbtAY3UoxPtc=;
 b=Nq2Vh5yHYDVVxEqFMypZm46aI6jn4ZV/JNXhbOQBxyjV6OL6C/MQUM53+eQPTqezNWrn+8
 /kdPBYn71oq/GTTXT9EWJb929ljfxITlwhd4suyPUSvDqj7qAmTrQ6lfEuEcNzYg15HzCS
 Vtuerbve8NmUR+5ug+MpWqPwRNKH/MlaBXoc1lSJxIX1jHKt0zpx7ssFlxxyO/LRw19Bbt
 VNWiPWa7RXK7xjRDRyrD7VkOdWYLbesEDYnUeEcVacvkbUPgh6y1HvGAAiq/M/2R9gjHWZ
 UBBZRftgztcWTxu70Uo7Ou4zscdPUE5lzqHUFAsfXsLw5B6vf/7C879x2F41Pg==
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.241])
 by spamfilter04.heinlein-hosting.de (spamfilter04.heinlein-hosting.de
 [80.241.56.122]) (amavisd-new, port 10030)
 with ESMTP id mAyKdlCcRBeg for <bug-guile@HIDDEN>;
 Fri,  1 Jan 2021 12:34:58 +0100 (CET)
Date: Fri, 1 Jan 2021 12:34:57 +0100
From: d4ryus <d4ryus@HIDDEN>
To: bug-guile@HIDDEN
Subject: recvfrom! optional start and end parameter invalid
Message-ID: <X+8I4XX/XNRa7F6f@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ZfzH6h+RtHXTuSTv"
Content-Disposition: inline
X-MBO-SPAM-Probability: 
X-Rspamd-Score: -0.99 / 15.00 / 15.00
X-Rspamd-Queue-Id: A3A4617B3
X-Rspamd-UID: d4fc5e
Received-SPF: pass client-ip=80.241.56.171; envelope-from=d4ryus@HIDDEN;
 helo=mout-p-201.mailbox.org
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Fri, 01 Jan 2021 09:58:33 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


--ZfzH6h+RtHXTuSTv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

hi,

the parameter validation for the optional "start" and "end" arguments to
"recvfrom!" are off by one if "end" is passed. From libguile/socket.c
(master commit 64c89458e6):

  ...
  if (SCM_UNBNDP (end))
    cend = SCM_BYTEVECTOR_LENGTH (buf);
  else
    {
      cend = scm_to_size_t (end);
      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
                        || cend < offset))
        scm_out_of_range (FUNC_NAME, end);
    }
  ...

"end" is the optional end argument, "offset" is 0 or "start" if start
was given. The check must be:

  cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset

to allow filling the last byte in the buffer and verify that start is
not equal to end. A workaround to skip the validation is to not pass
end. But i think a better way would be to always validate start (and
end), if one (or both) of them are passed. A potentional fix is
attached.

If you need any additional information, please let me know.

Thank you for your great work!

-  d4ryus

--ZfzH6h+RtHXTuSTv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="recvfrom-fix.patch"

diff --git a/libguile/socket.c b/libguile/socket.c
index 64354f1f1..d6e676744 100644
--- a/libguile/socket.c
+++ b/libguile/socket.c
@@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0,
 
   SCM_VALIDATE_BYTEVECTOR (1, buf);
 
-  if (SCM_UNBNDP (start))
-    offset = 0;
-  else
-    offset = scm_to_size_t (start);
-
   if (SCM_UNBNDP (end))
     cend = SCM_BYTEVECTOR_LENGTH (buf);
   else
     {
       cend = scm_to_size_t (end);
-      if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
-                        || cend < offset))
+      if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf)))
         scm_out_of_range (FUNC_NAME, end);
     }
 
+  if (SCM_UNBNDP (start))
+    offset = 0;
+  else
+    {
+      offset = scm_to_size_t (start);
+      if (SCM_UNLIKELY (cend <= offset))
+        scm_out_of_range (FUNC_NAME, start);
+    }
+
   SCM_SYSCALL (rv = recvfrom (fd,
                               SCM_BYTEVECTOR_CONTENTS (buf) + offset,
                               cend - offset, flg,
 

--ZfzH6h+RtHXTuSTv--




Acknowledgement sent to d4ryus <d4ryus@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guile@HIDDEN. Full text available.
Report forwarded to bug-guile@HIDDEN:
bug#45595; Package guile. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Wed, 3 Nov 2021 18:45:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.