lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 1 Apr 2010 13:50:44 +0800
From:	Changli Gao <xiaosuo@...il.com>
To:	Neil Brown <neilb@...e.de>
Cc:	David Miller <davem@...emloft.net>, shemminger@...tta.com,
	netdev@...r.kernel.org
Subject: Re: Undefined behaviour of connect(fd, NULL, 0);

On Thu, Apr 1, 2010 at 12:16 PM, Changli Gao <xiaosuo@...il.com> wrote:
>
> I found this from man page for connect(2)
>
>       Generally, connection-based protocol sockets may successfully connect()
>       only once; connectionless protocol sockets may use  connect()  multiple
>       times to change their association.  Connectionless sockets may dissolve
>       the association by connecting to an address with the  sa_family  member
>       of sockaddr set to AF_UNSPEC (supported on Linux since kernel 2.2).
>

dissolving the association by connecting to an address with the
sa_family member of sockaddr set to AF_UNSEPC is broken too.

int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
{
        struct inet_sock *inet = inet_sk(sk);
        struct sockaddr_in *usin = (struct sockaddr_in *) uaddr;
        struct rtable *rt;
        __be32 saddr;
        int oif;
        int err;


        if (addr_len < sizeof(*usin))
                return -EINVAL;

        if (usin->sin_family != AF_INET)
                return -EAFNOSUPPORT;

according to the man page, sin_family == AF_UNSPEC should be allowed.
And netlink's connect doesn't check the addr_len, so it behavior is
also undeterminedl

static int netlink_connect(struct socket *sock, struct sockaddr *addr,
                           int alen, int flags)
{
        int err = 0;
        struct sock *sk = sock->sk;
        struct netlink_sock *nlk = nlk_sk(sk);
        struct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;

        if (addr->sa_family == AF_UNSPEC) {
                sk->sk_state    = NETLINK_UNCONNECTED;
                nlk->dst_pid    = 0;
                nlk->dst_group  = 0;
                return 0;
        }

If this issues need to be fixed, I'll check all the protocols if their
connect() checkes the sizeof of socket address or not, and post a
patch.

-- 
Regards,
Changli Gao(xiaosuo@...il.com)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ