From d5bfa879088e7dfd3f79cdf724ce8f2880f872cb Mon Sep 17 00:00:00 2001
From: Zhiyi Zhang <zzhang@codeweavers.com>
Date: Thu, 13 Jun 2024 12:33:52 +0800
Subject: [PATCH] ntdll: Don't zero out socket address in sockaddr_from_unix().

tallygatewayserver.exe specifies a from sockaddr pointing to a heap buffer smaller than 128 bytes
yet it passes 128 as the fromlen to recvfrom(). So the memset(wsaddr, 0, wsaddrlen) call in
sockaddr_from_unix() ends up trashing other data in the heap, causing the application to crash.
Although this is an application bug, tests on Windows also showed that the socket address buffer
should be written only with the necessary socket address data, thus preventing the crash.
---
 dlls/ntdll/unix/socket.c | 2 --
 dlls/ws2_32/tests/sock.c | 2 --
 2 files changed, 4 deletions(-)

diff --git a/dlls/ntdll/unix/socket.c b/dlls/ntdll/unix/socket.c
index 65f30759db3..ea2f5d3a670 100644
--- a/dlls/ntdll/unix/socket.c
+++ b/dlls/ntdll/unix/socket.c
@@ -298,8 +298,6 @@ static socklen_t sockaddr_to_unix( const struct WS_sockaddr *wsaddr, int wsaddrl
 
 static int sockaddr_from_unix( const union unix_sockaddr *uaddr, struct WS_sockaddr *wsaddr, socklen_t wsaddrlen )
 {
-    memset( wsaddr, 0, wsaddrlen );
-
     switch (uaddr->addr.sa_family)
     {
     case AF_INET:
diff --git a/dlls/ws2_32/tests/sock.c b/dlls/ws2_32/tests/sock.c
index 57f1e6f9f97..e8c618cc0af 100644
--- a/dlls/ws2_32/tests/sock.c
+++ b/dlls/ws2_32/tests/sock.c
@@ -3224,7 +3224,6 @@ static void test_UDP(void)
     n_recv = recvfrom ( peer[0].s, buf, sizeof(buf), 0, (struct sockaddr *)sockaddr_buf, &ss );
     todo_wine
     ok ( n_recv == SOCKET_ERROR, "UDP: recvfrom() succeeded\n" );
-    todo_wine
     ok ( sockaddr_buf[0] == 'A', "UDP: marker got overwritten\n" );
     if ( n_recv == SOCKET_ERROR )
     {
@@ -3241,7 +3240,6 @@ static void test_UDP(void)
     ss = sizeof(sockaddr_buf);
     n_recv = recvfrom ( peer[0].s, buf, sizeof(buf), 0, (struct sockaddr *)sockaddr_buf, &ss );
     ok ( n_recv == sizeof(buf), "UDP: recvfrom() received wrong amount of data or socket error: %d\n", n_recv );
-    todo_wine
     ok ( sockaddr_buf[1023] == 'B', "UDP: marker got overwritten\n" );
 
     /* test getsockname() */