Re: [PATCH] unix domain sockets bugfix

Balazs Scheidler (bazsi@balabit.hu)
Mon, 7 Oct 2002 10:01:01 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
Previous message: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
In reply to: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
Next in thread: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"

On Mon, Oct 07, 2002 at 12:48:00AM -0700, David S. Miller wrote:
> From: Balazs Scheidler <bazsi@balabit.hu>
> Date: Mon, 7 Oct 2002 09:35:32 +0200
>
> The returned socklen is 2, but the sockaddr.family is not touched. A fix is
> below:
>
> Since msg->msg_namelen is zero, msg->msg_name should not be
> interpreted in any way at all.

You would be right, if it would be zero, but it isn't:

373 res = recvfrom(closure->fd, buffer, length, 0, (struct sockaddr *) addr, (socklen_t *) addrlen);
(gdb) n
375 if (*addrlen == 2) {
(gdb) p *addrlen
$2 = 2

Checking out the code again:

static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
{
msg->msg_namelen = sizeof(short);
if (sk->protinfo.af_unix.addr) {
msg->msg_namelen=sk->protinfo.af_unix.addr->len;
memcpy(msg->msg_name,
sk->protinfo.af_unix.addr->name,
sk->protinfo.af_unix.addr->len);
}
}

namelen is explicitly set to sizeof(short) == 2.

This is 2.4.18

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
Previous message: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
In reply to: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"
Next in thread: David S. Miller: "Re: [PATCH] unix domain sockets bugfix"