* Re: [PATCH 13/13] icmp6,dhcp6,dhcp: Ensure buffer space for SCM_TIMESTAMP
@ 2022-04-22 21:33 Denis Kenzior
0 siblings, 0 replies; 2+ messages in thread
From: Denis Kenzior @ 2022-04-22 21:33 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 732 bytes --]
Hi Andrew,
On 4/22/22 13:59, Andrew Zaborowski wrote:
> Apparently the kernel will include message ancillary elements like
> SCM_TIMESTAMP even if there isn't enough space for the entire element.
> Reserve enough buffer space and check we received the whole
> SCM_TIMESTAMP element.
>
> Fixes: adf18f2bae67 ("icmp6: Use SO_TIMESTAMP")
> Fixes: cd678415a75c ("dhcp6: Set lease expiry based on frame reception times")
> Fixes: c78ad1bb6d7e ("dhcp: Set lease expiry based on frame reception times")
> ---
> ell/dhcp-transport.c | 6 ++++--
> ell/dhcp6-transport.c | 8 +++++---
> ell/icmp6.c | 7 +++++--
> 3 files changed, 14 insertions(+), 7 deletions(-)
>
Applied, thanks.
Regards,
-Denis
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH 13/13] icmp6, dhcp6, dhcp: Ensure buffer space for SCM_TIMESTAMP
@ 2022-04-22 18:59 Andrew Zaborowski
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Zaborowski @ 2022-04-22 18:59 UTC (permalink / raw)
To: ell
[-- Attachment #1: Type: text/plain, Size: 3667 bytes --]
Apparently the kernel will include message ancillary elements like
SCM_TIMESTAMP even if there isn't enough space for the entire element.
Reserve enough buffer space and check we received the whole
SCM_TIMESTAMP element.
Fixes: adf18f2bae67 ("icmp6: Use SO_TIMESTAMP")
Fixes: cd678415a75c ("dhcp6: Set lease expiry based on frame reception times")
Fixes: c78ad1bb6d7e ("dhcp: Set lease expiry based on frame reception times")
---
ell/dhcp-transport.c | 6 ++++--
ell/dhcp6-transport.c | 8 +++++---
ell/icmp6.c | 7 +++++--
3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/ell/dhcp-transport.c b/ell/dhcp-transport.c
index d73930b..52da2db 100644
--- a/ell/dhcp-transport.c
+++ b/ell/dhcp-transport.c
@@ -117,7 +117,7 @@ static bool _dhcp_default_transport_read_handler(struct l_io *io,
struct cmsghdr *cmsg;
struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
struct msghdr msg = {};
- unsigned char control[32];
+ unsigned char control[32 + CMSG_SPACE(sizeof(struct timeval))];
msg.msg_name = &saddr;
msg.msg_namelen = sizeof(saddr);
@@ -165,7 +165,9 @@ static bool _dhcp_default_transport_read_handler(struct l_io *io,
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_TIMESTAMP) {
+ cmsg->cmsg_type == SCM_TIMESTAMP &&
+ cmsg->cmsg_len ==
+ CMSG_LEN(sizeof(struct timeval))) {
const struct timeval *tv = (void *) CMSG_DATA(cmsg);
timestamp = tv->tv_sec * L_USEC_PER_SEC + tv->tv_usec;
diff --git a/ell/dhcp6-transport.c b/ell/dhcp6-transport.c
index 04bf4fb..13545b8 100644
--- a/ell/dhcp6-transport.c
+++ b/ell/dhcp6-transport.c
@@ -61,7 +61,7 @@ static bool _dhcp6_default_transport_read_handler(struct l_io *io,
struct cmsghdr *cmsg;
struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
struct msghdr msg = {};
- unsigned char control[32];
+ unsigned char control[32 + CMSG_SPACE(sizeof(struct timeval))];
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
@@ -78,8 +78,10 @@ static bool _dhcp6_default_transport_read_handler(struct l_io *io,
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_TIMESTAMP) {
- const struct timeval *tv = (void *) CMSG_DATA(cmsg);
+ cmsg->cmsg_type == SCM_TIMESTAMP &&
+ cmsg->cmsg_len ==
+ CMSG_LEN(sizeof(struct timeval))) {
+ const struct timeval *tv = (void *) CMSG_DATA(cmsg);
timestamp = tv->tv_sec * L_USEC_PER_SEC + tv->tv_usec;
}
diff --git a/ell/icmp6.c b/ell/icmp6.c
index 158cfa8..ab2fe9c 100644
--- a/ell/icmp6.c
+++ b/ell/icmp6.c
@@ -203,7 +203,8 @@ static int icmp6_send_router_solicitation(int s, const uint8_t mac[static 6])
static int icmp6_receive(int s, void *buf, size_t buf_len, struct in6_addr *src,
uint64_t *out_timestamp)
{
- char c_msg_buf[CMSG_SPACE(sizeof(int))];
+ char c_msg_buf[CMSG_SPACE(sizeof(int)) +
+ CMSG_SPACE(sizeof(struct timeval))];
struct iovec iov = {
.iov_base = buf,
.iov_len = buf_len,
@@ -242,7 +243,9 @@ static int icmp6_receive(int s, void *buf, size_t buf_len, struct in6_addr *src,
if (hops != 255)
return -EMULTIHOP;
} else if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_TIMESTAMP) {
+ cmsg->cmsg_type == SCM_TIMESTAMP &&
+ cmsg->cmsg_len ==
+ CMSG_LEN(sizeof(struct timeval))) {
const struct timeval *tv = (void *) CMSG_DATA(cmsg);
timestamp = tv->tv_sec * L_USEC_PER_SEC + tv->tv_usec;
--
2.32.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-22 21:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-22 21:33 [PATCH 13/13] icmp6,dhcp6,dhcp: Ensure buffer space for SCM_TIMESTAMP Denis Kenzior
-- strict thread matches above, loose matches on Subject: below --
2022-04-22 18:59 [PATCH 13/13] icmp6, dhcp6, dhcp: " Andrew Zaborowski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.