GNU bug report logs - #76907
Potential buffer overflow in getsockopt

Previous Next

Package: guile;

Reported by: Mike Gran <spk121 <at> yahoo.com>

Date: Mon, 10 Mar 2025 00:58:02 UTC

Severity: normal

Done: Rob Browning <rlb <at> defaultvalue.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 76907 in the body.
You can then email your comments to 76907 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guile <at> gnu.org:
bug#76907; Package guile. (Mon, 10 Mar 2025 00:58:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Mike Gran <spk121 <at> yahoo.com>:
New bug report received and forwarded. Copy sent to bug-guile <at> gnu.org. (Mon, 10 Mar 2025 00:58:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mike Gran <spk121 <at> yahoo.com>
To: bug-guile <at> gnu.org
Subject: Potential buffer overflow in getsockopt
Date: Sun, 09 Mar 2025 17:56:52 -0700

[Message part 1 (text/plain, inline)]
struct timeval is a potential return value of struct getsockopt, but,
when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result may
be too small to hold a struct timeval.

To fix this, struct timeval can be added to the scm_t_getsockopt_result
union.

Regards,
Mike Gran


[0001-Fixes-potential-buffer-overflow-in-getsockopt.patch (text/x-patch, attachment)]
Information forwarded to bug-guile <at> gnu.org:
bug#76907; Package guile. (Mon, 10 Mar 2025 16:54:02 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mike Gran <spk121 <at> yahoo.com>
To: bug-guile <at> gnu.org
Subject: Re: Potential buffer overflow in getsockopt
Date: Mon, 10 Mar 2025 09:52:50 -0700

Mike Gran <spk121 <at> yahoo.com> writes:

> struct timeval is a potential return value of struct getsockopt, but,
> when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result may
> be too small to hold a struct timeval.
>
> To fix this, struct timeval can be added to the scm_t_getsockopt_result
> union.

Also, this should partially fix the guile-without-threads in Guix's
CI.

https://ci.guix.gnu.org/build/9530486/details

Regards,
Mike Gran
Reply sent to Rob Browning <rlb <at> defaultvalue.org>:
You have taken responsibility. (Tue, 18 Mar 2025 19:37:02 GMT) Full text and rfc822 format available.
Notification sent to Mike Gran <spk121 <at> yahoo.com>:
bug acknowledged by developer. (Tue, 18 Mar 2025 19:37:02 GMT) Full text and rfc822 format available.

Message #13 received at 76907-done <at> debbugs.gnu.org (full text, mbox):

From: Rob Browning <rlb <at> defaultvalue.org>
To: Mike Gran <spk121 <at> yahoo.com>, 76907-done <at> debbugs.gnu.org
Subject: Re: bug#76907: Potential buffer overflow in getsockopt
Date: Tue, 18 Mar 2025 14:36:31 -0500

Mike Gran via "Bug reports for GUILE, GNU's Ubiquitous Extension
Language" <bug-guile <at> gnu.org> writes:

> struct timeval is a potential return value of struct getsockopt, but,
> when HAVE_STRUCT_LINGER is not defined, scm_t_getsockopt_result may
> be too small to hold a struct timeval.

Pushed to main along with a commit to add -Werror=array-bounds when
available which would have caught the issue.

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 16 Apr 2025 11:24:12 GMT) Full text and rfc822 format available.
This bug report was last modified 59 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.