Hi Jon,

The function gdm_address_new_from_sockaddr_storage gets called in a few places with socket addresses that aren't necessarily sockaddr_storage bytes big (all the places that call getaddrinfo). This results in the memdup call in that function potentially copying out-of-bounds bytes.

We need to know how many bytes to copy, so we don't copy more than are allocated, or less than the address type needs.

I've attached a patch to change

GdmAddress * gdm_address_new_from_sockaddr_storage (sockaddr_storage *ss)

to

GdmAddress * gdm_address_new_from_sockaddr (sockaddr *sa, size_t size)

--Ray
Attachment: gdm-2.99.0-fix-invalid-read.patch (Description: Binary data)
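The shape of the fix described above, as an added example that is not Ray's attached patch nor gdm's own code: the constructor takes the caller's real address length (ai_addrlen from getaddrinfo) and copies only that many bytes, refusing lengths that are too short for the family or too large for the storage. AddressExample, required_len, address_new_from_sockaddr and run_checks are hypothetical names; the 127.0.0.1:177 sample is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* Hypothetical stand-in for GdmAddress (not gdm's own type): copy + valid length. */
typedef struct {
    struct sockaddr_storage ss;
    socklen_t len;
} AddressExample;
/* Minimum size a sockaddr of this family must have (0 = unsupported family). */
static size_t required_len(int family)
{
    switch (family) {
    case AF_INET:  return sizeof(struct sockaddr_in);
    case AF_INET6: return sizeof(struct sockaddr_in6);
    default:       return 0;
    }
}
/* Hardened constructor: `size` is the real length of *sa (ai_addrlen from getaddrinfo,
 * or the addrlen filled in by accept/recvfrom). Only `size` bytes are copied, never
 * sizeof(struct sockaddr_storage), so a short getaddrinfo result cannot be over-read. */
AddressExample *address_new_from_sockaddr(const struct sockaddr *sa, size_t size)
{
    if (sa == NULL || size < offsetof(struct sockaddr, sa_family) + sizeof sa->sa_family)
        return NULL;                  /* cannot even read sa_family safely */
    size_t need = required_len(sa->sa_family);
    if (need == 0 || size < need || size > sizeof(struct sockaddr_storage))
        return NULL;                  /* too short for the family, or too big to hold */
    AddressExample *a = calloc(1, sizeof *a);
    if (a == NULL) return NULL;
    memcpy(&a->ss, sa, size);         /* bounded by the caller's size, not sizeof ss */
    a->len = (socklen_t)size;
    return a;
}
/* Exercise the constructor with a constructed IPv4 address (127.0.0.1:177, the XDMCP
 * port); returns how many of the three checks behaved as intended. */
int run_checks(void)
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(177),
                               .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int ok = 0;
    AddressExample *a = address_new_from_sockaddr((struct sockaddr *)&sin, sizeof sin);
    ok += (a != NULL && a->len == sizeof sin && memcmp(&a->ss, &sin, sizeof sin) == 0);
    free(a);
    ok += address_new_from_sockaddr((struct sockaddr *)&sin, sizeof sin - 1) == NULL;
    ok += address_new_from_sockaddr((struct sockaddr *)&sin, sizeof(struct sockaddr_storage) + 1) == NULL;
    return ok;
}
```

A caller that previously passed a getaddrinfo result would now pass `ai->ai_addr, ai->ai_addrlen`, and the length check makes a truncated or mis-sized buffer an error instead of a silent over-read.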