33 lines
1.4 KiB
Diff
33 lines
1.4 KiB
Diff
|
From e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Vignesh Babu <vigneshbabu@google.com>
|
||
|
|
Date: Thu, 12 Sep 2024 11:13:45 -0700
|
||
|
|
Subject: [PATCH] [EventEngine] Fix bug in Tx0cp code path in posix endpoint.
|
||
|
|
|
||
|
|
This fix ensures that the iov_base pointers point to the right address.
|
||
|
|
|
||
|
|
PiperOrigin-RevId: 673923651
|
||
|
|
|
||
|
|
CVE: CVE-2024-11407
|
||
|
|
Upstream-Status: Backport [https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791]
|
||
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
||
|
|
---
|
||
|
|
src/core/lib/event_engine/posix_engine/posix_endpoint.cc | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
|
||
|
|
index 7634bb1334b..c5708db02c5 100644
|
||
|
|
--- a/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
|
||
|
|
+++ b/src/core/lib/event_engine/posix_engine/posix_endpoint.cc
|
||
|
|
@@ -240,7 +240,7 @@ msg_iovlen_type TcpZerocopySendRecord::PopulateIovs(size_t* unwind_slice_idx,
|
||
|
|
iov_size++) {
|
||
|
|
MutableSlice& slice = internal::SliceCast<MutableSlice>(
|
||
|
|
buf_.MutableSliceAt(out_offset_.slice_idx));
|
||
|
|
- iov[iov_size].iov_base = slice.begin();
|
||
|
|
+ iov[iov_size].iov_base = slice.begin() + out_offset_.byte_idx;
|
||
|
|
iov[iov_size].iov_len = slice.length() - out_offset_.byte_idx;
|
||
|
|
*sending_length += iov[iov_size].iov_len;
|
||
|
|
++(out_offset_.slice_idx);
|
||
|
|
--
|
||
|
|
2.30.2
|
||
|
|
|