* [PATCH] unix domain sockets bugfix
From: Balazs Scheidler @ 2002-10-07 7:35 UTC (permalink / raw)
To: linux-kernel
Hi,
I've found a bug with unix domain sockets in both kernels 2.2 and 2.4.
If the program issues a recvfrom() on a SOCK_DGRAM socket, and the sender
had no name, the sockaddr returned is not filled in.
The returned socklen is 2, but the sockaddr.family is not touched. A fix is
below:
--- af_unix.c~ Mon Feb 25 20:38:16 2002
+++ af_unix.c Fri Oct 4 09:46:26 2002
@@ -1392,6 +1392,9 @@
sk->protinfo.af_unix.addr->name,
sk->protinfo.af_unix.addr->len);
}
+ else {
+ ((struct sockaddr *) msg->msg_name)->sa_family = AF_UNIX;
+ }
}
static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, int size,
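Review bot: the else branch leaves msg->msg_namelen at sizeof(short), so a nameless sender still comes back as a 2-byte sockaddr that carries sun_family and no sun_path at all; the cleaner fix is to report no address (msg_namelen = 0) rather than to label a stub the caller cannot use for anything. The new store also writes through msg->msg_name unconditionally, the same as the memcpy() in the if branch above it, so either confirm that every caller of unix_copy_addr() passes a non-NULL msg_name or guard both paths with `if (msg->msg_name)`.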
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
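The userland side of this report is the check a receiver should do regardless of which kernel answered: decide whether recvfrom() supplied an address from the returned length alone, and never read a byte of the sockaddr that the length does not cover. The program below is an added example, not code from this thread or from the kernel; it assumes current Linux semantics (an unnamed AF_UNIX datagram sender yields addrlen 0, a bound sender yields its pathname, a leading NUL marks the Linux abstract namespace), and its classifier treats the 2-byte answer from 2.4.18 described above exactly like the 0-byte answer, without ever looking at the untouched sa_family. The socket names under /tmp and the "hi" datagram are constructed for the example.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Added example, not code from the thread. Assumes current Linux semantics
 * (addrlen == 0 for an unnamed AF_UNIX datagram sender; 2.4.18 above gave 2
 * with sun_family untouched) and treats both answers as "no address". */
enum peer_kind { PEER_ERROR = -1, PEER_UNNAMED, PEER_PATH, PEER_ABSTRACT };
#define SUN_PATH_MAX sizeof(((struct sockaddr_un *)0)->sun_path)

/* Receive one datagram and classify the sender; for PEER_PATH the
 * NUL-terminated pathname is copied into path (when non-NULL). */
enum peer_kind recv_classify(int fd, char *path, size_t pathlen)
{
    char data[64];
    struct sockaddr_un peer;
    socklen_t alen = sizeof peer;
    size_t plen, n;

    memset(&peer, 0xAA, sizeof peer);   /* stale bytes must not look like an address */
    if (path && pathlen) path[0] = '\0';
    if (recvfrom(fd, data, sizeof data, 0, (struct sockaddr *)&peer, &alen) < 0)
        return PEER_ERROR;
    /* addrlen alone says how much of peer the kernel wrote; nothing beyond the
     * 2-byte family prefix (0 today, 2 on 2.4.18) means there is no address. */
    if (alen <= offsetof(struct sockaddr_un, sun_path))
        return PEER_UNNAMED;
    if (peer.sun_family != AF_UNIX)
        return PEER_ERROR;
    plen = alen - offsetof(struct sockaddr_un, sun_path);
    if (plen > SUN_PATH_MAX)            /* never trust a length beyond our buffer */
        plen = SUN_PATH_MAX;
    if (peer.sun_path[0] == '\0')       /* Linux abstract namespace */
        return PEER_ABSTRACT;
    n = strnlen(peer.sun_path, plen);   /* bounded by plen, not by a hoped-for NUL */
    if (path && pathlen) {
        if (n >= pathlen) n = pathlen - 1;
        memcpy(path, peer.sun_path, n);
        path[n] = '\0';
    }
    return PEER_PATH;
}

/* Unnamed sender: socketpair() yields two connected, nameless sockets. */
enum peer_kind unnamed_case(void)
{
    int sv[2];
    enum peer_kind k = PEER_ERROR;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return PEER_ERROR;
    if (send(sv[0], "hi", 2, 0) == 2)
        k = recv_classify(sv[1], NULL, 0);
    close(sv[0]); close(sv[1]);
    return k;
}

/* Named sender: both ends bound under a fresh directory in /tmp (constructed names). */
enum peer_kind named_case(char *path, size_t pathlen)
{
    char dir[] = "/tmp/unixdgram.XXXXXX";
    struct sockaddr_un ra = { .sun_family = AF_UNIX }, sa = { .sun_family = AF_UNIX };
    int r, s;
    enum peer_kind k = PEER_ERROR;

    if (!mkdtemp(dir)) return PEER_ERROR;
    snprintf(ra.sun_path, sizeof ra.sun_path, "%s/recv", dir);
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/send", dir);
    r = socket(AF_UNIX, SOCK_DGRAM, 0);
    s = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (r >= 0 && s >= 0 &&
        bind(r, (struct sockaddr *)&ra, sizeof ra) == 0 &&
        bind(s, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        sendto(s, "hi", 2, 0, (struct sockaddr *)&ra, sizeof ra) == 2)
        k = recv_classify(r, path, pathlen);
    if (r >= 0) close(r);
    if (s >= 0) close(s);
    unlink(ra.sun_path); unlink(sa.sun_path); rmdir(dir);
    return k;
}

/* 1 when the named case reports the sender's own pathname, 0 otherwise. */
int named_case_ok(void)
{
    char path[SUN_PATH_MAX];
    size_t n;

    if (named_case(path, sizeof path) != PEER_PATH) return 0;
    n = strlen(path);
    return n > 5 && strcmp(path + n - 5, "/send") == 0;
}

int main(void)
{
    printf("unnamed sender -> %d (0 = PEER_UNNAMED)\n", (int)unnamed_case());
    printf("named sender reports its own path -> %d\n", named_case_ok());
    return 0;
}
```

The `alen <= offsetof(struct sockaddr_un, sun_path)` test is the whole point: it is what the `if (*addrlen == 2)` check in the gdb session below was reaching for, but expressed in terms of what a sockaddr_un can physically hold, so it keeps working when the kernel reports 0 instead of 2. The 0xAA sentinel fill is there so that a kernel which (as in this thread) leaves the buffer untouched cannot hand the program a plausible-looking family and path by accident.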
* Re: [PATCH] unix domain sockets bugfix
From: David S. Miller @ 2002-10-07 7:48 UTC (permalink / raw)
To: bazsi; +Cc: linux-kernel
From: Balazs Scheidler <bazsi@balabit.hu>
Date: Mon, 7 Oct 2002 09:35:32 +0200
The returned socklen is 2, but the sockaddr.family is not touched. A fix is
below:
Since msg->msg_namelen is zero, msg->msg_name should not be
interpreted in any way at all.
* Re: [PATCH] unix domain sockets bugfix
From: David S. Miller @ 2002-10-07 7:56 UTC (permalink / raw)
To: bazsi; +Cc: linux-kernel
From: Balazs Scheidler <bazsi@balabit.hu>
Date: Mon, 7 Oct 2002 10:01:01 +0200
This is 2.4.18
Look at current 2.4.20-preX sources, it is set to zero
now.
* Re: [PATCH] unix domain sockets bugfix
From: Balazs Scheidler @ 2002-10-07 8:01 UTC (permalink / raw)
To: David S. Miller; +Cc: linux-kernel
On Mon, Oct 07, 2002 at 12:48:00AM -0700, David S. Miller wrote:
> From: Balazs Scheidler <bazsi@balabit.hu>
> Date: Mon, 7 Oct 2002 09:35:32 +0200
>
> The returned socklen is 2, but the sockaddr.family is not touched. A fix is
> below:
>
> Since msg->msg_namelen is zero, msg->msg_name should not be
> interpreted in any way at all.
You would be right if it were zero, but it isn't:
373 res = recvfrom(closure->fd, buffer, length, 0, (struct sockaddr *) addr, (socklen_t *) addrlen);
(gdb) n
375 if (*addrlen == 2) {
(gdb) p *addrlen
$2 = 2
Checking out the code again:
static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
{
        msg->msg_namelen = sizeof(short);
        if (sk->protinfo.af_unix.addr) {
                msg->msg_namelen=sk->protinfo.af_unix.addr->len;
                memcpy(msg->msg_name,
                       sk->protinfo.af_unix.addr->name,
                       sk->protinfo.af_unix.addr->len);
        }
}
namelen is explicitly set to sizeof(short) == 2.
This is 2.4.18
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
* Re: [PATCH] unix domain sockets bugfix
From: James Morris @ 2002-10-07 9:15 UTC (permalink / raw)
To: Balazs Scheidler; +Cc: linux-kernel
On Mon, 7 Oct 2002, Balazs Scheidler wrote:
> I've found a bug with unix domain sockets in both kernels 2.2 and 2.4.
This is not an issue for 2.2, as msg->msg_namelen is already zeroed
appropriately.
- James
--
James Morris
<jmorris@intercode.com.au>
* Re: [PATCH] unix domain sockets bugfix
From: Balazs Scheidler @ 2002-11-05 17:54 UTC (permalink / raw)
To: David S. Miller; +Cc: linux-kernel
2.4.20-rc1 is still not working well for recvfrom() on unix-dgram sockets. It
doesn't return 0 as the length of the sockaddr; checking out the code again
makes me think that this is the problem:
--- socket.c.old Tue Nov 5 18:48:22 2002
+++ socket.c Tue Nov 5 18:49:34 2002
@@ -1262,7 +1262,7 @@
flags |= MSG_DONTWAIT;
err=sock_recvmsg(sock, &msg, size, flags);
- if(err >= 0 && addr != NULL && msg.msg_namelen)
+ if(err >= 0 && addr != NULL)
{
err2=move_addr_to_user(address, msg.msg_namelen, addr, addr_len);
if(err2<0)
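Review bot: dropping the `msg.msg_namelen` test is what lets the 0 length reach the caller, because with the guard in place move_addr_to_user() is skipped entirely and the user's addr_len and buffer are left exactly as they were (the strace below shows that: 256 comes back, with garbage in sa_family). It also makes the copy unconditional, and `address` is a kernel stack buffer: any recvmsg implementation that returns without touching msg_name but leaves msg.msg_namelen at whatever it is initialised to above this hunk would now have that many uninitialised stack bytes copied to userspace. Before applying, check that msg.msg_namelen starts at 0 rather than at the buffer size, or zero `address` before sock_recvmsg() so that an unconditional copy can at worst return zeros.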
---------
strace for the behaviour of the kernel:
> recvfrom(3, "<38>Nov 5 17:53:01 PAM_unix[952"..., 2048, 0, {sin_family=0xf80c /* AF_??? */, {sa_family=63500, sa_data="\377\277\6\351\4\10\10\270\5\10\360@\5\10"}, [256]) = 82
you can see that 256 is returned as the length of the sockaddr, and there's garbage in the sa_family field.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1