lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 04 May 2017 11:07:54 -0500
From:   "Gustavo A. R. Silva" <garsilva@...eddedor.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        James Morris <jmorris@...ei.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Patrick McHardy <kaber@...sh.net>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [net-ipv4] question about arguments position


Hello everybody,

While looking into Coverity ID 1357474 I ran into the following piece  
of code at net/ipv4/inet_diag.c:392:

struct sock *inet_diag_find_one_icsk(struct net *net,
                                      struct inet_hashinfo *hashinfo,
                                      const struct inet_diag_req_v2 *req)
{
         struct sock *sk;

         rcu_read_lock();
         if (req->sdiag_family == AF_INET)
                 sk = inet_lookup(net, hashinfo, NULL, 0, req->id.idiag_dst[0],
                                  req->id.idiag_dport, req->id.idiag_src[0],
                                  req->id.idiag_sport, req->id.idiag_if);
#if IS_ENABLED(CONFIG_IPV6)
         else if (req->sdiag_family == AF_INET6) {
                 if (ipv6_addr_v4mapped((struct in6_addr  
*)req->id.idiag_dst) &&
                     ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_src))
                         sk = inet_lookup(net, hashinfo, NULL, 0,  
req->id.idiag_dst[3],
                                          req->id.idiag_dport,  
req->id.idiag_src[3],
                                          req->id.idiag_sport,  
req->id.idiag_if);
                 else
                         sk = inet6_lookup(net, hashinfo, NULL, 0,
                                           (struct in6_addr  
*)req->id.idiag_dst,
                                           req->id.idiag_dport,
                                           (struct in6_addr  
*)req->id.idiag_src,
                                           req->id.idiag_sport,
                                           req->id.idiag_if);
         }
#endif

The issue here is that the position of arguments in the call to  
inet_lookup() and inet6_lookup() functions do not match the order of  
the parameters:

req->id.idiag_dport is passed to sport
req->id.idiag_sport is passed to dport

These are the function prototypes:

static inline struct sock *inet_lookup(struct net *net,
				       struct inet_hashinfo *hashinfo,
				       struct sk_buff *skb, int doff,
				       const __be32 saddr, const __be16 sport,
				       const __be32 daddr, const __be16 dport,
				       const int dif)

struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
			  struct sk_buff *skb, int doff,
			  const struct in6_addr *saddr, const __be16 sport,
			  const struct in6_addr *daddr, const __be16 dport,
			  const int dif)

My question here is if this is intentional?

In case it is not, I will send a patch to fix it. But first it would  
be great to hear any comment about it.

Thank you!
--
Gustavo A. R. Silva

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ