lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 24 May 2007 06:36:05 +0200
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Vasily Averin <vvs@...ru>
CC:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	Andrew Morton <akpm@...l.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	devel@...nvz.org
Subject: Re: [PATCH netdev] "wrong timeout value" in sk_wait_data()

Vasily Averin a écrit :
> sys_setsockopt() do not check properly timeout values for
> SO_RCVTIMEO/SO_SNDTIMEO, for example it's possible to set negative timeout
> values. POSIX do not defines behaviour for sys_setsockopt in case negative
> timeouts, but requires that setsockopt() shall fail with -EDOM if the send and
> receive timeout values are too big to fit into the timeout fields in the socket
> structure.
> In current implementation negative timeout can lead to error messages like
> "schedule_timeout: wrong timeout value".
> 
> Proposed patch:
> - checks tv_usec and returns -EDOM if it is wrong
> - do not allows to set negative timeout values (sets 0 instead) and outputs
> ratelimited information message about such attempts.
> 
> Signed-Off-By:	Vasily Averin <vvs@...ru>
> 
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 22183c2..27d7a46 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -206,7 +206,19 @@ static int sock_set_timeout(long *timeo_p, char __user
> *optval, int optlen)
>  		return -EINVAL;
>  	if (copy_from_user(&tv, optval, sizeof(tv)))
>  		return -EFAULT;
> -
> +	if (tv.tv_usec < 0 || tv.tv_usec >= 1000000)
> +		return -EDOM;

Please use USEC_PER_SEC instead of 1000000

> +
> +	if (tv.tv_sec < 0) {
> +		static int warned = 0;
> +		*timeo_p = 0;
> +		if (warned < 10 && net_ratelimit())
> +			warned++;
> +			printk(KERN_INFO "sock_set_timeout: `%s' (pid %d) "
> +			       "tries to set negative timeout\n",
> +			        current->comm, current->pid);
> +		return 0;
> +	}
>  	*timeo_p = MAX_SCHEDULE_TIMEOUT;
>  	if (tv.tv_sec == 0 && tv.tv_usec == 0)
>  		return 0;
> 

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ