ntdll: Don't zero out socket address in sockaddr_from_unix().

tallygatewayserver.exe specifies a from sockaddr pointing to a heap buffer smaller than 128 bytes yet it passes 128 as the fromlen to recvfrom(). So the memset(wsaddr, 0, wsaddrlen) call in sockaddr_from_unix() ends up trashing other data in the heap, causing the application to crash. Although this is an application bug, tests on Windows also showed that the socket address buffer should be written only with the necessary socket address data, thus preventing the crash.
2024-06-29 06:14:34 +00:00 · 2024-06-13 12:33:52 +08:00 · 2024-06-13 12:33:52 +08:00 · d5bfa87908
commit d5bfa87908
parent 2c01c0136b
2 changed files with 0 additions and 4 deletions
--- a/dlls/ntdll/unix/socket.c
+++ b/dlls/ntdll/unix/socket.c
@ -298,8 +298,6 @@ static socklen_t sockaddr_to_unix( const struct WS_sockaddr *wsaddr, int wsaddrl

 static int sockaddr_from_unix( const union unix_sockaddr *uaddr, struct WS_sockaddr *wsaddr, socklen_t wsaddrlen )
 {
-    memset( wsaddr, 0, wsaddrlen );
-
    switch (uaddr->addr.sa_family)
    {
    case AF_INET:
--- a/dlls/ws2_32/tests/sock.c
+++ b/dlls/ws2_32/tests/sock.c
@ -3224,7 +3224,6 @@ static void test_UDP(void)
    n_recv = recvfrom ( peer[0].s, buf, sizeof(buf), 0, (struct sockaddr *)sockaddr_buf, &ss );
    todo_wine
    ok ( n_recv == SOCKET_ERROR, "UDP: recvfrom() succeeded\n" );
-    todo_wine
    ok ( sockaddr_buf[0] == 'A', "UDP: marker got overwritten\n" );
    if ( n_recv == SOCKET_ERROR )
    {
@ -3241,7 +3240,6 @@ static void test_UDP(void)
    ss = sizeof(sockaddr_buf);
    n_recv = recvfrom ( peer[0].s, buf, sizeof(buf), 0, (struct sockaddr *)sockaddr_buf, &ss );
    ok ( n_recv == sizeof(buf), "UDP: recvfrom() received wrong amount of data or socket error: %d\n", n_recv );
-    todo_wine
    ok ( sockaddr_buf[1023] == 'B', "UDP: marker got overwritten\n" );

    /* test getsockname() */