From: d4ryus
To: bug-guile@gnu.org
Subject: bug#45595: recvfrom! optional start and end parameter invalid
Date: Fri, 1 Jan 2021 12:34:57 +0100

hi,

the parameter validation for the optional "start" and "end" arguments to "recvfrom!" is off by one if "end" is passed. From libguile/socket.c (master commit 64c89458e6):

    ...
    if (SCM_UNBNDP (end))
      cend = SCM_BYTEVECTOR_LENGTH (buf);
    else
      {
        cend = scm_to_size_t (end);
        if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf)
                          || cend < offset))
          scm_out_of_range (FUNC_NAME, end);
      }
    ...

"end" is the optional end argument, "offset" is 0 or "start" if start was given. The check must be:

    cend > SCM_BYTEVECTOR_LENGTH (buf) || cend <= offset

to allow filling the last byte in the buffer and verify that start is not equal to end.

A workaround to skip the validation is to not pass end. But I think a better way would be to always validate start (and end), if one (or both) of them are passed.

A potential fix is attached.

If you need any additional information, please let me know.

Thank you for your great work!

- d4ryus

[attachment: recvfrom-fix.patch]

diff --git a/libguile/socket.c b/libguile/socket.c index 64354f1f1..d6e676744 100644 --- a/libguile/socket.c +++ b/libguile/socket.c @@ -1480,21 +1480,24 @@ SCM_DEFINE (scm_recvfrom, "recvfrom!", 2, 3, 0, SCM_VALIDATE_BYTEVECTOR (1, buf); - if (SCM_UNBNDP (start)) - offset = 0; - else - offset = scm_to_size_t (start); - if (SCM_UNBNDP (end)) cend = SCM_BYTEVECTOR_LENGTH (buf); else { cend = scm_to_size_t (end); - if (SCM_UNLIKELY (cend >= SCM_BYTEVECTOR_LENGTH (buf) - || cend < offset)) + if (SCM_UNLIKELY (cend > SCM_BYTEVECTOR_LENGTH (buf))) scm_out_of_range (FUNC_NAME, end); } + if (SCM_UNBNDP (start)) + offset = 0; + else + { + offset = scm_to_size_t (start); + if (SCM_UNLIKELY (cend <= offset)) + scm_out_of_range (FUNC_NAME, start); + } + SCM_SYSCALL (rv = recvfrom (fd, SCM_BYTEVECTOR_CONTENTS (buf) + offset, cend - offset, flg,
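
Review bot: the new start check `if (SCM_UNLIKELY (cend <= offset))` also rejects start == end, which is an empty range that asks recvfrom for zero bytes and cannot write outside the bytevector; `cend < offset` is sufficient to keep `cend - offset` from wrapping around as a size_t and to keep `SCM_BYTEVECTOR_CONTENTS (buf) + offset` within the buffer. Moving the start validation out of the end branch is the part worth keeping as is, because in the removed lines a start larger than the bytevector length was never checked when end was omitted. A regression test covering end equal to the length, start == end, and start greater than the length with end omitted would pin these boundaries down.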

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: d4ryus
Subject: bug#45595: closed (Re: recvfrom! optional start and end parameter invalid)
Date: Wed, 03 Nov 2021 18:30:03 +0000

Your bug report

#45595: recvfrom! optional start and end parameter invalid

which was filed against the guile package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 45595@debbugs.gnu.org.

-- 
45595: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=45595
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: lloda
To: 45595-done@debbugs.gnu.org
Subject: Re: recvfrom! optional start and end parameter invalid
Date: Wed, 3 Nov 2021 19:29:03 +0100

Hi,

Your patch didn't allow for start == end, which is valid as far as I can tell.

With that amended, applied in 1a8294f495cb202f8fcd0f260627c58e7a4c4d10.

Thanks!
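
The boundary cases from this thread, as an added C example that is not Guile's code or the submitted patch: `reported_check_accepts` mirrors the check quoted in the report, and `window` is one way to validate a half-open range that accepts end == length and start == end. `OMITTED`, `window` and `recv_into` are hypothetical names, and a `memcpy` from a constructed datagram stands in for the `recvfrom` call.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OMITTED ((size_t) -1) /* hypothetical marker: optional argument not passed */

/* Check as quoted in the report: end == len is refused, and start is
   never examined when end is omitted. */
static bool reported_check_accepts(size_t len, size_t start, size_t end)
{
    size_t offset = (start == OMITTED) ? 0 : start;
    if (end == OMITTED)
        return true;
    return !(end >= len || end < offset);
}

/* Half-open window [offset, cend): cend may equal len, offset may equal
   cend, and both are validated whether or not the caller passed them. */
static bool window(size_t len, size_t start, size_t end,
                   size_t *offset, size_t *count)
{
    size_t cend = (end == OMITTED) ? len : end;
    size_t off = (start == OMITTED) ? 0 : start;
    if (cend > len || off > cend)
        return false;
    *offset = off;
    *count = cend - off; /* cannot wrap: off <= cend <= len */
    return true;
}

/* Stand-in for the recvfrom call: copy at most `count` bytes of a
   constructed datagram to buf + offset. Returns bytes stored, or -1. */
static long recv_into(unsigned char *buf, size_t len, size_t start, size_t end,
                      const unsigned char *dgram, size_t dlen)
{
    size_t offset, count;
    if (!window(len, start, end, &offset, &count))
        return -1;
    if (dlen < count)
        count = dlen;
    memcpy(buf + offset, dgram, count);
    return (long) count;
}

int main(void)
{
    unsigned char buf[8] = {0};
    const unsigned char dgram[] = "ABCDEFGH"; /* constructed sample data */
    printf("reported check, end=8 of 8: %d\n", reported_check_accepts(8, OMITTED, 8));
    printf("reported check, start=9, no end: %d\n", reported_check_accepts(8, 9, OMITTED));
    printf("window, start=6 end=8: %ld bytes\n", recv_into(buf, 8, 6, 8, dgram, 8));
    printf("window, start=9, no end: %ld\n", recv_into(buf, 8, 9, OMITTED, dgram, 8));
    return 0;
}
```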