lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 28 Jun 2013 09:30:17 -0700
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	Changli Gao <xiaosuo@...il.com>
Cc:	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] net: Check the argument for listen(2)

On Sat, 29 Jun 2013 00:14:36 +0800
Changli Gao <xiaosuo@...il.com> wrote:

> As we use u16 to save the value of the argument for listen(2),
> we'd better check if the value is larger than SINT_MAX other
> than cut it down silently on error.
> ---
>  net/ipv4/af_inet.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index b4d0be2..35aaf00 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog)
>  	unsigned char old_state;
>  	int err;
>  
> +	if (backlog >= (1 << 16))
> +		return EINVAL;
> +
>  	lock_sock(sk);
>  
>  	err = -EINVAL;

Is this just a theoretical problem or is there an example?
Since this is a user API, you should check related standards, it maybe
that the kernel should just silently truncate. Returning errors
to legacy applications makes people really angry.

If you decide that returning an error is the correct behaviour
then the return value should be negative in order to follow kernel practice
and other parts of same code.

Rather than open coding >= (1<<16) might be better to > USHRT_MAX.

Lastly, a test like this deserves a comment like:
       /* since sk_max_ack_backlog is ushort */

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ