From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: Ani Sinha <ani@arista.com>, David Miller <davem@davemloft.net>,
matthew.leach@arm.com
Cc: netdev@vger.kernel.org, fenner <fenner@arista.com>,
fruggeri <fruggeri@arista.com>, travisb <travisb@arista.com>
Subject: Re: [PATCH] net: socket: do not validate msg_namelen unless msg_name is non-NULL
Date: Fri, 05 Sep 2014 23:14:20 +0200 [thread overview]
Message-ID: <1409951660.1177372.164202273.1FB2783A@webmail.messagingengine.com> (raw)
In-Reply-To: <CAOxq_8O=8epuyj2+V8RFep2tHVwk06q5gEK1ho0RUSV4GQV0Kw@mail.gmail.com>
Hi,
On Fri, Sep 5, 2014, at 23:00, Ani Sinha wrote:
> Hi guys :
>
> I am looking at the thread :
>
> [PATCH] net: socket: error on a negative msg_namelen
>
> and the patch that was submitted in that thread :
>
> commit dbb490b96584d4e958533fb637f08b557f505657
> Author: Matthew Leach <matthew.leach@arm.com>
> Date: Tue Mar 11 11:58:27 2014 +0000
>
> net: socket: error on a negative msg_namelen
>
>
> According to the linux recvmsg manpage, the caller of recvmsg() may
> set msg_name to NULL if he does not care about source address but the
> manpage does not say that one has to set msg_namelen to 0 in this
> case. Essentially msg_namelen is a don't care if msg_name is NULL. I
> think in the kernel, we should validate msg_namelen only if the caller
> has also set msg_name and return EINVAL only when msg_name is non-null
> and msg_namelen is negative.
>
> The following patch will do the intended :
>
>
> From ef8e8bd78635ac677f2d4b76fec9990ed1db763c Mon Sep 17 00:00:00 2001
> From: Ani Sinha <ani@aristanetworks.com>
> Date: Fri, 5 Sep 2014 13:25:22 -0700
> Subject:[PATCH] net: socket: do not validate msg_namelen unless
> msg_name is non-NULL
>
> The value of msg_namelen in msghdr structure is irrelevant
> when msg_name is NULL. We should not validate the value
> passed in msg_namelen unless msg_name is non-NULL.
>
> Signed-off-by: Ani Sinha <ani@aristanetworks.com>
> ---
> net/socket.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/socket.c b/net/socket.c
> index 95ee7d8..a5dfe01 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -1997,7 +1997,7 @@ static int copy_msghdr_from_user(struct msghdr
> *kmsg,
> if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
> return -EFAULT;
>
> - if (kmsg->msg_namelen < 0)
> + if (kmsg->msg_name && kmsg->msg_namelen < 0)
> return -EINVAL;
>
> if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
The reason for the above mentioned commit was the signed/unsigned
conversion by this check. To not trigger any static checker tools, I
would suggest to just set kmsg->msg_namelen to zero in case msg_name is
NULL.
Thanks,
Hannes
next prev parent reply other threads:[~2014-09-05 21:14 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-05 21:00 [PATCH] net: socket: do not validate msg_namelen unless msg_name is non-NULL Ani Sinha
2014-09-05 21:14 ` Hannes Frederic Sowa [this message]
2014-09-05 21:21 ` Ani Sinha
2014-09-05 21:26 ` Hannes Frederic Sowa
2014-09-05 21:42 ` Eric Dumazet
2014-09-05 21:44 ` Ani Sinha
2014-09-08 21:53 ` Ani Sinha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1409951660.1177372.164202273.1FB2783A@webmail.messagingengine.com \
--to=hannes@stressinduktion.org \
--cc=ani@arista.com \
--cc=davem@davemloft.net \
--cc=fenner@arista.com \
--cc=fruggeri@arista.com \
--cc=matthew.leach@arm.com \
--cc=netdev@vger.kernel.org \
--cc=travisb@arista.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.