* [PATCH v2] net: Check the argument for listen(2)
From: Changli Gao @ 2013-06-28 16:22 UTC (permalink / raw)
To: David S. Miller; +Cc: Changli Gao, netdev
As we use u16 to save the value of the argument for listen(2),
we'd better check if the value is larger than SINT_MAX other
than cut it down silently on error.
---
net/ipv4/af_inet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index b4d0be2..35aaf00 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog)
unsigned char old_state;
int err;
+ if (backlog >= (1 << 16))
+ return -EINVAL;
+
lock_sock(sk);
err = -EINVAL;
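Review bot: the bound in `if (backlog >= (1 << 16))` is a bare magic number and does not match the changelog, which names SINT_MAX while giving the u16 storage as the reason; express the limit in terms of the largest value the u16 field can hold and add a one-line comment saying why inet_listen() rejects anything above it. Because backlog is a signed int, negative values still pass this test, so the changelog should say whether they are deliberately left to the existing handling. The early return also turns values that were previously cut down and accepted into -EINVAL, and that behaviour change deserves a sentence in the changelog.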
--
1.7.9.5
* Re: [PATCH v2] net: Check the argument for listen(2)
From: Eric Dumazet @ 2013-06-28 16:33 UTC (permalink / raw)
To: Changli Gao; +Cc: David S. Miller, netdev
On Sat, 2013-06-29 at 00:22 +0800, Changli Gao wrote:
> As we use u16 to save the value of the argument for listen(2),
> we'd better check if the value is larger than SINT_MAX other
> than cut it down silently on error.
> ---
> net/ipv4/af_inet.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index b4d0be2..35aaf00 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog)
> unsigned char old_state;
> int err;
>
> + if (backlog >= (1 << 16))
> + return -EINVAL;
> +
> lock_sock(sk);
>
> err = -EINVAL;
Well, there is still this possible regression for old applications.
Just use u32 fields instead of u16 ?
* Re: [PATCH v2] net: Check the argument for listen(2)
From: Changli Gao @ 2013-06-28 16:47 UTC (permalink / raw)
To: Eric Dumazet; +Cc: David S. Miller, Linux Netdev List
On Sat, Jun 29, 2013 at 12:33 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
> Well, there is still this possible regression for old applications.
>
> Just use u32 fields instead of u16 ?
>
I'll look at this. Thanks.
--
Regards,
Changli Gao(xiaosuo@gmail.com)
* Re: [PATCH v2] net: Check the argument for listen(2)
From: Rick Jones @ 2013-06-28 18:01 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Changli Gao, David S. Miller, netdev
On 06/28/2013 09:33 AM, Eric Dumazet wrote:
>
> Well, there is still this possible regression for old applications.
>
> Just use u32 fields instead of u16 ?

FWIW, the manpage for listen() gives the backlog parameter as an "int"

SYNOPSIS
       #include <sys/types.h>          /* See NOTES */
       #include <sys/socket.h>

       int listen(int sockfd, int backlog);

and mentions no explicit limit beyond 2.4.35, only interaction with the
likes of /proc/sys/net/core/somaxconn.

And sys/socket.h has:

/* Prepare to accept connections on socket FD.
   N connection requests will be queued before further requests are
   refused.
   Returns 0 on success, -1 for errors.  */
extern int listen (int __fd, int __n) __THROW;

Not sure if it is considered "sane" to try to set the backlog to a
negative value of course...

rick jones